Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-71116

    In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 14, 2026
    • Modified: Jan. 19, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-20667

    A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-23098

    In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, t... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-46304

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-58190

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.... Read more

    Affected Products : networking
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-69871

    A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthe... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-69873

    ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed ... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2026-23104

    In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-23109

    In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that we must wait for all pages under writeback for data int... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NONE
    CVE-2025-61636

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affe... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-20700

    A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary co... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-47911

    The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.... Read more

    Affected Products : networking
    • Published: Feb. 05, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-46290

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NONE
    CVE-2025-61637

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.J... Read more

    Affected Products : mediawiki
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-20650

    A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-serv... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NONE
    CVE-2025-61638

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, s... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-46310

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-46301

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-23089

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card stil... Read more

    Affected Products : linux_kernel
    • Published: Feb. 04, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-22997

    In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 25, 2026
    • Modified: Feb. 06, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 5105 Results