Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2025-13225

    Tanium addressed an arbitrary file deletion vulnerability in TanOS.... Read more

    Affected Products : tanos
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Path Traversal

  • 5.6

    MEDIUM
    CVE-2025-64897

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potential... Read more

    Affected Products : coldfusion
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2025-58475

    Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-62631

    An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not ter... Read more

    Affected Products : fortios
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication

  • 5.6

    MEDIUM
    CVE-2025-13437

    When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symli... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2025-8074

    Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-14703

    A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-43381

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-43466

    An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-43482

    The issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to cause a denial-of-service.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43519

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-43471

    The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-65093

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter i... Read more

    Affected Products : librenms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-8404

    Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted  header and achieve arbitrary code execution of the BMC’s firmware operating system.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-48502

    Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.... Read more

    Affected Products : uprof
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-33196

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-64704

    WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.... Read more

    Affected Products : webassembly_micro_runtime
    • Published: Nov. 25, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-13674

    BPv7 dissector crash in Wireshark 4.6.0 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Nov. 26, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-31248

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.5, macOS Sonoma 14.7.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-64313

    Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4264 Results