Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40217

    In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025

  • 8.6

    HIGH
    CVE-2025-62173

    ## Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API... Read more

    Affected Products : freepbx
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40247

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix pgtable prealloc error path The following splat was reported: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Mem abort info: ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40219

    In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Before disabling SR-IOV via config space accesses to the parent PF, sriov_disable() first removes the PCI devices r... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40235

    In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() If fs_info->super_copy or fs_info->super_for_commit allocated failed in btrfs_get_tree_subvol(), then no... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40236

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40224

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40233

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40240

    In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if ch... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40245

    In the Linux kernel, the following vulnerability has been resolved: nios2: ensure that memblock.current_limit is set when setting pfn limits On nios2, with CONFIG_FLATMEM set, the kernel relies on memblock_get_current_limit() to determine the limits of ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025

  • 0.0

    NA
    CVE-2025-40260

    In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix scx_enable() crash on helper kthread creation failure A crash was observed when the sched_ext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-66422

    Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.... Read more

    Affected Products : trytond
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-66423

    Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.... Read more

    Affected Products : trytond
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-59792

    Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.... Read more

    Affected Products : kvrocks
    • Published: Nov. 28, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-59790

    Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.... Read more

    Affected Products : kvrocks
    • Published: Nov. 28, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-66424

    Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.... Read more

    Affected Products : trytond
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-54057

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.... Read more

    Affected Products : skywalking
    • Published: Nov. 27, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-13787

    A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management... Read more

    Affected Products : zentao
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-13788

    A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The ... Read more

    Affected Products : chanjet_cms chanjet_crm
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13789

    A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit ha... Read more

    Affected Products : zentao
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 4855 Results