Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-20801

    In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20800

    In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20799

    In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607;... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20798

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20797

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20796

    In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: AL... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20795

    In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch I... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20794

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-20793

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-20781

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101829... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20780

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101840... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20779

    In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS1018408... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-20778

    In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-20762

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-20761

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-20760

    In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges need... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-15385

    Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-15364

    The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a user's identity prior to updating their details like pas... Read more

    Affected Products : download_manager
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-21507

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026

  • 6.5

    MEDIUM
    CVE-2025-69197

    Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not suffi... Read more

    Affected Products : panel
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Authentication
Showing 20 of 5133 Results