Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-65085

    A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more

    Affected Products : cobalt xenon argon lithium cobalt_share
    • Published: Nov. 25, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-65084

    An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more

    Affected Products : cobalt xenon argon lithium cobalt_share
    • Published: Nov. 25, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-64066

    Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implement any authorization checks, allowing unauthenticated attackers to perform POST requests to register new user ac... Read more

    Affected Products : project_contract_management
    • Published: Nov. 25, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-64062

    The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value (e.g., [email protected]), ... Read more

    Affected Products : project_contract_management
    • Published: Nov. 25, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-33205

    NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code... Read more

    Affected Products : nemo
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-33204

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of pr... Read more

    Affected Products : nemo
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-33203

    NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.3

    LOW
    CVE-2025-33200

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2025-33199

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-33198

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-33197

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-33196

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-33195

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-33194

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-33193

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-33192

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-33191

    NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-33190

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-33189

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or e... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-33188

    NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4269 Results