Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40361

    In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock The parent function ext4_xattr_inode_lookup_create already uses GFP_NOFS for memory alloction, so the function ext4_xattr_inode... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40353

    In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025

  • 0.0

    NA
    CVE-2025-68197

    In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been ini... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68182

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix potential use after free in iwl_mld_remove_link() This code frees "link" by calling kfree_rcu(link, rcu_head) and then it dereferences "link" to get the "link->fw_id"... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68181

    In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drm_put_dev() Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() drm_put_dev()'ing to trigger it to be free'd should be d... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68171

    In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure XFD state on signal delivery Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40350

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ XDP programs can change the layout of an xdp_buff through bpf_xdp_adjust_tail() and bpf_xdp_adjust_head(). The... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68305

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pen... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68299

    In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-68298

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref In btusb_mtk_setup(), we set `btmtk_data->isopkt_intf` to: usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM) That fun... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68262

    In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68245

    In the Linux kernel, the following vulnerability has been resolved: net: netpoll: fix incorrect refcount handling causing incorrect cleanup commit efa95b01da18 ("netpoll: fix use after free") incorrectly ignored the refcount and prematurely set dev->npi... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68237

    In the Linux kernel, the following vulnerability has been resolved: mtdchar: fix integer overflow in read/write ioctls The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68234

    In the Linux kernel, the following vulnerability has been resolved: io_uring/cmd_net: fix wrong argument types for skb_queue_splice() If timestamp retriving needs to be retried and the local list of SKB's already has entries, then it's spliced back into... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68222

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68244

    In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD On completion of i915_vma_pin_ww(), a synchronous variant of dma_fence_work_commit() is called. When pinning a VMA to... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Race Condition

  • 6.3

    MEDIUM
    CVE-2025-14347

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. OBS (Student Affairs Information System)0 allows Reflected XSS.This issue affects OBS (Student Affairs Information System)0: ... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-14399

    The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the download_plugin_bulk and downlo... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.0

    HIGH
    CVE-2025-14302

    Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory bef... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-14801

    A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5220 Results