Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2025-64673

Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
9.0

CRITICAL

CVE-2025-64672

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network....

Affected Products : sharepoint_server
Published: Dec. 09, 2025

Modified: Dec. 12, 2025
8.4

HIGH

CVE-2025-64671

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally....

Affected Products : gihub_copilot_plugin_for_jetbrains_ides github_copilot
Published: Dec. 09, 2025

Modified: Dec. 12, 2025
6.5

MEDIUM

CVE-2025-64670

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network....

Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
5.3

MEDIUM

CVE-2025-64667

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network....

Affected Products : exchange_server_se exchange_server_2019 exchange_server_2016
Published: Dec. 09, 2025

Modified: Dec. 09, 2025
7.5

HIGH

CVE-2025-64666

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network....

Affected Products : exchange_server_se exchange_server_2019 exchange_server_2016
Published: Dec. 09, 2025

Modified: Dec. 09, 2025
7.8

HIGH

CVE-2025-64661

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.5

HIGH

CVE-2025-64658

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 09, 2025
7.5

HIGH

CVE-2025-64471

A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 throug...

Affected Products : fortiweb
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Vuln Type: Authentication
8.1

HIGH

CVE-2025-64447

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an ...

Affected Products : fortiweb
Published: Dec. 09, 2025

Modified: Dec. 09, 2025

Vuln Type: Authentication
7.2

HIGH

CVE-2025-64156

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authent...

Affected Products : fortivoice
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Vuln Type: Injection
7.2

HIGH

CVE-2025-64153

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an auth...

Affected Products : fortiextender_firmware fortiextender fortiextender
Published: Dec. 09, 2025

Modified: Dec. 09, 2025

Vuln Type: Injection
7.5

HIGH

CVE-2025-64086

A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input....

Affected Products : pdf-xchange_editor
Published: Dec. 09, 2025

Modified: Dec. 11, 2025

Vuln Type: Denial of Service
7.5

HIGH

CVE-2025-64085

A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input....

Affected Products : pdf-xchange_editor
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Vuln Type: Denial of Service
5.6

MEDIUM

CVE-2025-62631

An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not ter...

Affected Products : fortios
Published: Dec. 09, 2025

Modified: Dec. 09, 2025

Vuln Type: Authentication
7.0

HIGH

CVE-2025-62573

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.8

HIGH

CVE-2025-62572

Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.8

HIGH

CVE-2025-62571

Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.1

HIGH

CVE-2025-62570

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.0

HIGH

CVE-2025-62569

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 12, 2025

Showing 20 of 4544 Results

Browse by Apps

Latest CVE Feed

7.8

9.0

8.4

6.5

5.3

7.5

7.8

7.5

7.5

8.1

7.2

7.2

7.5

7.5

5.6

7.0

7.8

7.8

7.1

7.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable