Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-71101

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68770

    In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not correct. __bnxt_poll_work() -> bnxt_rx_pkt() -> bnxt_rx_xdp() may be looping within NAPI... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-71065

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock As Jiaming Zhang and syzbot reported, there is potential deadlock in f2fs as below: Chain exists of: &sbi->cp_rwsem --> fs_reclaim --> sb_intern... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-9435

    Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-9427

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress add on: 2025.7.1.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-13444

    OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the... Read more

    Affected Products : loadmaster
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-71099

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-11250

    Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2026-0684

    The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated at... Read more

    Affected Products : cp_image_store_with_slideshow
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-36640

    A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.... Read more

    Affected Products : nessus
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-71089

    In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-71088

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515 subf... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-71070

    In the Linux kernel, the following vulnerability has been resolved: ublk: clean up user copy references on ublk server exit If a ublk server process releases a ublk char device file, any requests dispatched to the ublk server but not yet completed will ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68802

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_sy... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-68810

    In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as K... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-71074

    In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on fu... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68786

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current i_size (including 0), the code used to call check_lock_range(filp, i_size, size - 1, W... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68817

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still hold... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-54855

    fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-71073

    In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure an... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4078 Results