Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-11250

    Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-71100

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-71073

    In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure an... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68817

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still hold... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-0404

    An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-71101

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68812

    In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in iris_vb2_stop_streaming. If inst->state is already IRIS_INST_ERROR, we should skip the stream_off operation because ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-68811

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68807

    In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_default() is moved out of queue freezing in elevator_change(), it can cause the wbt inflight counter to beco... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 6.4

    MEDIUM
    CVE-2024-54855

    fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2026-23478

    Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via sessio... Read more

    Affected Products : cal.com
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-37170

    Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a priv... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-25652

    In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-58411

    Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an inter... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-37179

    Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-68947

    NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2026-22814

    @adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignm... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-37178

    Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-37177

    An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-37166

    A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4520 Results