Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-13137

    The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotiv_limit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output es... Read more

    Affected Products : woomotiv
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-14185

    A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The ... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-12091

    The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.63. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-14196

    A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The ex... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40313

    In the Linux kernel, the following vulnerability has been resolved: ntfs3: pretend $Extend records as regular files Since commit af153bb63a33 ("vfs: catch invalid modes in may_open()") requires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40319

    In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbo... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40321

    In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40322

    In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actua... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50616

    In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Following by the below discussion, there's the potential UAF issue between regulator and mfd. https://lore.k... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53742

    In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53759

    In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount The hidraw_open() function increments the hidraw device reference counter. The counter has no dedicated synchronization mechanism, resultin... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53747

    In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Becau... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53761

    In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025

  • 0.0

    NA
    CVE-2023-53762

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. T... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50622

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_modified_inode() As krealloc may return NULL, in this case 'state->fc_modified_inodes' may not be freed by krealloc, but 'state->fc_mod... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50626

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Syzbot reports a memory leak in "dvb_usb_adapter_init()". The leak is due to not accounting for and freeing current iteration's... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50629

    In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsi_coex_attach() The coex_cb needs to be freed when rsi_create_kthread() failed in rsi_coex_attach().... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-66461

    FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affect... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.0

    HIGH
    CVE-2025-42616

    Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw lea... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-40320

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound() retries, a previously allocated cfid may have been freed in the first attempt. Because cf... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4777 Results