Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-63402

    An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests... Read more

    Affected Products : dragon
    • Published: Dec. 03, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-29933

    Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service... Read more

    Affected Products : uprof
    • Published: Nov. 24, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-66548

    Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into do... Read more

    Affected Products : deck notes
    • Published: Dec. 05, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-64715

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not... Read more

    Affected Products : cilium
    • Published: Nov. 29, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-13467

    A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.... Read more

    Affected Products : keycloak
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-64704

    WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.... Read more

    Affected Products : webassembly_micro_runtime
    • Published: Nov. 25, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-13674

    BPv7 dissector crash in Wireshark 4.6.0 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Nov. 26, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-64894

    DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitatio... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-58486

    Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.... Read more

    Affected Products : account
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-58485

    Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.... Read more

    Affected Products : internet
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-13945

    HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-48511

    Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.... Read more

    Affected Products : uprof
    • Published: Nov. 24, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-33197

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-42891

    Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-13466

    body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, cau... Read more

    Affected Products : body-parser
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-51733

    Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.... Read more

    Affected Products : unica
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-58315

    Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-58312

    Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-64311

    Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-58279

    Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
Showing 20 of 4371 Results