Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-14927

    Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to... Read more

    Affected Products : transformers
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 4.5

    MEDIUM
    CVE-2025-13698

    Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to ... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-12839

    Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. Use... Read more

    Affected Products : openexr
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14412

    Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnera... Read more

    Affected Products : soda_pdf_desktop
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-12491

    Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerabil... Read more

    Affected Products : symphony
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 7.0

    HIGH
    CVE-2025-68617

    FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unl... Read more

    Affected Products : fluidsynth
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 8.6

    HIGH
    CVE-2025-68665

    LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and sub... Read more

    Affected Products : langchain
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-66444

    Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Adviso... Read more

    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68355

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just li... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54037

    In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2023-54036

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?) when it's connected to a bluetooth audio device. The b... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54002

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion of exclop condition when starting balance Balance as exclusive state is compatible with paused balance and device add, which makes some things more complicated. The... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2022-50703

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() There are two refcount leak bugs in qcom_smsm_probe(): (1) The 'local_node' is escaped out from for_each_child_of_node() as... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54010

    In the Linux kernel, the following vulnerability has been resolved: ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects ACPICA commit 0d5f467d6a0ba852ea3aad68663cbcbd43300fd4 ACPI_ALLOCATE_ZEROED may fails, object_info ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54042

    In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54006

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight. unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_sock() reads it locklessly. Let's use READ_ONCE() for unix... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-14409

    Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vul... Read more

    Affected Products : soda_pdf_desktop
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14423

    GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th... Read more

    Affected Products : gimp
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50706

    In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized raw_sendmsg() syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1], for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025

  • 0.0

    NA
    CVE-2023-53987

    In the Linux kernel, the following vulnerability has been resolved: ping: Fix potentail NULL deref for /proc/net/icmp. After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4217 Results