Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne...

Affected Products : android
Published: Dec. 08, 2025

Modified: Dec. 10, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-48594

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution pri...

Affected Products : android
Published: Dec. 08, 2025

Modified: Dec. 11, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-48583

In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...

Affected Products : android
Published: Dec. 08, 2025

Modified: Dec. 10, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-27063

Memory corruption during video playback when video session open fails with time out error....

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 18, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-48596

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation....

Affected Products : android
Published: Dec. 08, 2025

Modified: Dec. 11, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-54160

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors....

Affected Products :
Published: Dec. 04, 2025

Modified: Dec. 04, 2025

Vuln Type: Path Traversal
7.8

HIGH

CVE-2025-43467

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges....

Affected Products : macos
Published: Dec. 12, 2025

Modified: Dec. 15, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-43512

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges....

Affected Products : macos iphone_os ipados
Published: Dec. 12, 2025

Modified: Dec. 17, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-47350

Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application....

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 18, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-48597

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ...

Affected Products : android
Published: Dec. 08, 2025

Modified: Dec. 08, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-12381

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command ...

Affected Products : linux_kernel firewall_analyzer
Published: Dec. 09, 2025

Modified: Dec. 17, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-64673

Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.8

HIGH

CVE-2025-64680

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +5 more products
Published: Dec. 09, 2025

Modified: Dec. 12, 2025
7.8

HIGH

CVE-2025-62556

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.8

HIGH

CVE-2025-62553

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019
Published: Dec. 09, 2025

Modified: Dec. 09, 2025
7.8

HIGH

CVE-2025-62564

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Dec. 09, 2025

Modified: Dec. 09, 2025
7.8

HIGH

CVE-2025-62474

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +7 more products
Published: Dec. 09, 2025

Modified: Dec. 12, 2025
7.8

HIGH

CVE-2025-62455

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2012_r2 windows_server_2008_r2 +1 more products
Published: Dec. 09, 2025

Modified: Dec. 12, 2025
7.8

HIGH

CVE-2025-62457

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products
Published: Dec. 09, 2025

Modified: Dec. 12, 2025
7.8

HIGH

CVE-2025-62572

Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Showing 20 of 4347 Results

Browse by Apps

Latest CVE Feed

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable