Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-54040

    In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr r... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68355

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just li... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-68665

    LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and sub... Read more

    Affected Products : langchain
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-68617

    FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unl... Read more

    Affected Products : fluidsynth
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 9.3

    CRITICAL
    CVE-2025-68664

    LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' ... Read more

    Affected Products : langchain
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-12838

    MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileg... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-14929

    Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User... Read more

    Affected Products : transformers
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-14927

    Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to... Read more

    Affected Products : transformers
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 2.2

    LOW
    CVE-2025-57840

    ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.... Read more

    Affected Products : magicos
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-14930

    Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... Read more

    Affected Products : transformers
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14934

    NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exp... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-14931

    Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14401

    PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in th... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-14411

    Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit ... Read more

    Affected Products : soda_pdf_desktop
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-13773

    The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in th... Read more

    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53996

    In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make enc_dec_hypercall() accept a size instead of npages enc_dec_hypercall() accepted a page count instead of a size, which forced its callers to round up. As a result, non-pag... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54006

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight. unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_sock() reads it locklessly. Let's use READ_ONCE() for unix... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-54011

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix an issue found by KASAN Write only correct size (32 instead of 64 bytes).... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54017

    In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebus_bus_init() If device_register() returns error in ibmebus_bus_init(), name of kobject which is allocated in dev_set_name() called in ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54018

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return NULL pointer and cause NULL pointer dereference in... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4730 Results