Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-46286

    A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-46297

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.... Read more

    Affected Products : macos
    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-62235

    Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to up... Read more

    Affected Products : nimble
    • Published: Jan. 10, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-46298

    The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process cra... Read more

    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-46299

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose inte... Read more

    • Published: Jan. 09, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-53477

    NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus... Read more

    Affected Products : nimble
    • Published: Jan. 10, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-53470

    Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8.  This issue requires a broken or bogus Bluetooth controller and ... Read more

    Affected Products : nimble
    • Published: Jan. 10, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-67399

    An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access... Read more

    Affected Products :
    • Published: Jan. 14, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-69274

    Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.... Read more

    • Published: Jan. 12, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-69275

    Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.... Read more

    • Published: Jan. 12, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-69276

    Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.... Read more

    • Published: Jan. 12, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-52435

    J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropp... Read more

    Affected Products : nimble
    • Published: Jan. 10, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68810

    In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as K... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68807

    In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_default() is moved out of queue freezing in elevator_change(), it can cause the wbt inflight counter to beco... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68802

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_sy... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-71074

    In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on fu... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68812

    In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in iris_vb2_stop_streaming. If inst->state is already IRIS_INST_ERROR, we should skip the stream_off operation because ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2025-13444

    OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the... Read more

    Affected Products : loadmaster
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-71088

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515 subf... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-65783

    An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication
Showing 20 of 4643 Results