Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-33204

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of pr... Read more

    Affected Products : nemo
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-33195

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-33196

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-33197

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-33198

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2025-33199

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-33200

    NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products : dgx_os dgx_spark
    • Published: Nov. 25, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-10101

    Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2024-45370

    An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this ... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-12630

    The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13875

    A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation o... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-13829

    Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes us... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-34297

    KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft ... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-41086

    Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the... Read more

    Affected Products : gams
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-66400

    mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appe... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-7007

    NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-13876

    A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be perf... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 4.0

    MEDIUM
    CVE-2025-41743

    Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-66410

    Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete a... Read more

    Affected Products : gin-vue-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-13295

    Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4915 Results