Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-20780

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101840... Read more

    Affected Products : android mt6781 mt6789 mt6833 mt6835 mt6853 mt6855 mt6877 mt6878 mt6879 +36 more products
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-20781

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101829... Read more

    Affected Products : android mt6781 mt6789 mt6833 mt6835 mt6853 mt6855 mt6877 mt6878 mt6879 +36 more products
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-15276

    FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vul... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-15277

    FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vul... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-15412

    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds... Read more

    Affected Products : wabt
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-15411

    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It i... Read more

    Affected Products : wabt
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-11157

    A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the u... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-15278

    FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2026-21504

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been ... Read more

    Affected Products : iccdev
    • Published: Jan. 07, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2026-0859

    TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue af... Read more

    Affected Products : typo3
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2026-20920

    Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 15, 2026
  • 7.8

    HIGH
    CVE-2025-20798

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products : android mt6781 mt6833 mt6835 mt6853 mt6855 mt6877 mt6879 mt6893 mt6985 +25 more products
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-20797

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products : android mt6781 mt6833 mt6835 mt6853 mt6855 mt6877 mt6879 mt6893 mt6985 +25 more products
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-20799

    In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607;... Read more

    Affected Products : android mt6899 mt6991 mt8793 mt6993
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-20800

    In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-15062

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerab... Read more

    Affected Products : sketchup
    • Published: Jan. 23, 2026
    • Modified: Jan. 23, 2026
  • 7.8

    HIGH
    CVE-2020-36936

    Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in t... Read more

    Affected Products :
    • Published: Jan. 25, 2026
    • Modified: Jan. 25, 2026
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2026-21501

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been pat... Read more

    Affected Products : iccdev
    • Published: Jan. 07, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2026-20810

    Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
  • 7.8

    HIGH
    CVE-2020-36933

    HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.... Read more

    Affected Products :
    • Published: Jan. 25, 2026
    • Modified: Jan. 25, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4389 Results