Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-64715

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not... Read more

    Affected Products : cilium
    • Published: Nov. 29, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-64311

    Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-66323

    Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-48622

    In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-14197

    A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information dis... Read more

    Affected Products : verysync
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-66329

    Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-66382

    In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.... Read more

    Affected Products : libexpat
    • Published: Nov. 28, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-48607

    In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-48604

    In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-48600

    In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48603

    In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-14721

    The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-66331

    Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-13945

    HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-54866

    Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the lo... Read more

    Affected Products : wazuh
    • Published: Nov. 21, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-59529

    Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowin... Read more

    Affected Products : avahi
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-48610

    In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-66333

    Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-66332

    Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-48569

    In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4363 Results