Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-68310

    In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pci_cfg_access_lock() when executing the s390 variant of PCI error recovery:... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68290

    In the Linux kernel, the following vulnerability has been resolved: most: usb: fix double free on late probe failure The MOST subsystem has a non-standard registration function which frees the interface on registration failures and on deregistration. T... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68311

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: ip22zilog: Use platform device for probing After commit 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") serial drivers need to provide... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025

  • 0.0

    NA
    CVE-2025-68300

    In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grab_requested_mnt_ns lookup_mnt_ns() already takes a reference on mnt_ns. grab_requested_mnt_ns() doesn't need to take an extra reference.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025

  • 0.0

    NA
    CVE-2025-68285

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initia... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68291

    In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). syzbot reported divide-by-zero in __tcp_select_window() by MPTCP socket. [0] We had a similar ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025

  • 0.0

    NA
    CVE-2025-68265

    In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68259

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68258

    In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl opera... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-68236

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with Po... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68225

    In the Linux kernel, the following vulnerability has been resolved: lib/test_kho: check if KHO is enabled We must check whether KHO is enabled prior to issuing KHO commands, otherwise KHO internal data structures are not initialized.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.0

    MEDIUM
    CVE-2025-14761

    Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's meta... Read more

    Affected Products : aws_software_development_kit
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-26381

    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 1.7

    LOW
    CVE-2025-66647

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025... Read more

    Affected Products : riot
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-61736

    Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-23851

    Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-67493

    Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability cou... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-66029

    Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these h... Read more

    Affected Products : open_ondemand
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-14727

    A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : nginx_ingress_controller
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025

  • 6.8

    MEDIUM
    CVE-2025-68129

    Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as A... Read more

    Affected Products : auth0
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication
Showing 20 of 5299 Results