Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-42928

    Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in hig... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40337

    In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enable... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40336

    In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like m... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40341

    In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-59030

    An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.... Read more

    Affected Products : recursor
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40335

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025

  • 0.0

    NA
    CVE-2025-40332

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap write lock is not released because svm_range_restore_pages calls mmap_read_unloc... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 9.2

    CRITICAL
    CVE-2025-40801

    A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-40806

    A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is v... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40338

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid tha... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-66533

    Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.... Read more

    Affected Products : givewp
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-64666

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025

  • 7.1

    HIGH
    CVE-2025-34413

    Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2023-22675

    Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-6923

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-64658

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-23729

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.... Read more

    Affected Products : spectra
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2022-46845

    Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-6924

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-67535

    Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection
Showing 20 of 5247 Results