Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-34319

    TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially craft... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40251

    In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling th... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40250

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40236

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40235

    In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() If fs_info->super_copy or fs_info->super_for_commit allocated failed in btrfs_get_tree_subvol(), then no... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-2848

    A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-13448

    The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possibl... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-65097

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DEL... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40242

    In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-57200

    AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-8074

    Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-13658

    A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-64642

    NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-61940

    NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database co... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40266

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - size... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40222

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: sh-sci: fix RSCI FIFO overrun handling The receive error handling code is shared between RSCI and all other SCIF port types, but the RSCI overrun_reg is specified as a memo... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40226

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025

  • 5.5

    MEDIUM
    CVE-2025-66453

    Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption ... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-20381

    In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-33208

    NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclo... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Path Traversal
Showing 20 of 5349 Results