Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2025-55694

Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 30, 2025
7.8

HIGH

CVE-2025-47367

Memory corruption while accessing a buffer during IOCTL processing....

Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qcm6490_firmware qcs6490_firmware snapdragon_7c\+_gen_3_compute_firmware wcd9370_firmware wcd9375_firmware fastconnect_6900_firmware +52 more products
Published: Nov. 04, 2025

Modified: Nov. 05, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-47365

Memory corruption while processing large input data from a remote source via a communication interface....

Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +60 more products
Published: Nov. 04, 2025

Modified: Nov. 05, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-47360

Memory corruption while processing client message during device management....

Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +60 more products
Published: Nov. 04, 2025

Modified: Nov. 05, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-59281

Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally....

Affected Products : xbox_gaming_services
Published: Oct. 14, 2025

Modified: Oct. 17, 2025
7.8

HIGH

CVE-2025-10934

GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in tha...

Affected Products : debian_linux gimp
Published: Oct. 29, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-59199

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products
Published: Oct. 14, 2025

Modified: Oct. 30, 2025
7.8

HIGH

CVE-2025-10924

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the targe...

Affected Products : gimp
Published: Oct. 29, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-55697

Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_server_2025
Published: Oct. 14, 2025

Modified: Oct. 30, 2025
7.8

HIGH

CVE-2025-41390

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vul...

Affected Products :
Published: Oct. 20, 2025

Modified: Nov. 03, 2025

Vuln Type: Injection
7.8

HIGH

CVE-2025-59494

Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally....

Affected Products : azure_monitor_agent
Published: Oct. 14, 2025

Modified: Oct. 22, 2025
7.8

HIGH

CVE-2025-59187

Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Published: Oct. 14, 2025

Modified: Nov. 05, 2025
7.8

HIGH

CVE-2025-27048

Memory corruption while processing camera platform driver IOCTL calls....

Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +26 more products
Published: Oct. 09, 2025

Modified: Nov. 05, 2025

Vuln Type: Memory Corruption
7.7

HIGH

CVE-2025-62507

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is f...

Affected Products : redis
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption
7.7

HIGH

CVE-2025-10145

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author...

Affected Products : auto_featured_image
Published: Oct. 28, 2025

Modified: Oct. 30, 2025

Vuln Type: Server-Side Request Forgery
7.7

HIGH

CVE-2025-64386

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session with...

Affected Products : tcprs1plus
Published: Oct. 31, 2025

Modified: Nov. 04, 2025

Vuln Type: Cross-Site Request Forgery
7.7

HIGH

CVE-2025-55698

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 31, 2025
7.7

HIGH

CVE-2025-59200

Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products
Published: Oct. 14, 2025

Modified: Oct. 17, 2025
7.7

HIGH

CVE-2025-59500

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network....

Affected Products : azure_notification_service
Published: Oct. 23, 2025

Modified: Oct. 27, 2025
7.7

HIGH

CVE-2025-46582

A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security....

Affected Products :
Published: Oct. 27, 2025

Modified: Oct. 27, 2025

Vuln Type: Authorization

Showing 20 of 3904 Results

Browse by Apps

Latest CVE Feed

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.7

7.7

7.7

7.7

7.7

7.7

7.7

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable