Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-65046

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025

  • 3.1

    LOW
    CVE-2025-14953

    A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing manipulation can lead to null pointer dereference. The attack may be performed ... Read more

    Affected Products : open5gs
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-67737

    AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A u... Read more

    Affected Products : azuracast
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-67739

    In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure... Read more

    Affected Products : teamcity
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-62690

    Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.... Read more

    Affected Products : mattermost_server
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-43531

    A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content m... Read more

    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Race Condition

  • 3.0

    LOW
    CVE-2025-13352

    Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub o... Read more

    Affected Products : mattermost_server
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 2.9

    LOW
    CVE-2025-67899

    uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.... Read more

    Affected Products : uriparser
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 2.9

    LOW
    CVE-2025-65111

    SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union reference... Read more

    Affected Products : spicedb
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 2.8

    LOW
    CVE-2025-66372

    Mustang before 2.16.3 allows exfiltrating files via XXE attacks.... Read more

    Affected Products :
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: XML External Entity

  • 2.8

    LOW
    CVE-2025-65185

    There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 2.8

    LOW
    CVE-2025-43532

    A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Proc... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Dec. 12, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Memory Corruption

  • 2.7

    LOW
    CVE-2025-57823

    A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with a... Read more

    Affected Products : fortiauthenticator
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-11934

    Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported ... Read more

    Affected Products : linux_kernel macos wolfssl
    • Published: Nov. 21, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cryptography

  • 2.7

    LOW
    CVE-2025-13596

    A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error ... Read more

    Affected Products : ciges
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-52666

    Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.... Read more

    Affected Products : revive_adserver
    • Published: Nov. 20, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-68162

    In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration... Read more

    Affected Products : teamcity
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-65942

    VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2025-66409

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to ... Read more

    Affected Products : esp-idf
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 2.7

    LOW
    CVE-2025-20388

    In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could en... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4540 Results