Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-64773

    In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit... Read more

    Affected Products : youtrack
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Race Condition

  • 6.8

    MEDIUM
    CVE-2025-27249

    Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-25059

    Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-12101

    Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-20010

    Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a... Read more

    Affected Products : processor_identification_utility
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Supply Chain

  • 6.7

    MEDIUM
    CVE-2025-27711

    Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-11084

    A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-da... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-24838

    Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexit... Read more

    Affected Products : computing_improvement_program
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-24299

    Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity at... Read more

    Affected Products : computing_improvement_program
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-12942

    Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.... Read more

    Affected Products : r6260_firmware
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-13032

    Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-27246

    Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexi... Read more

    Affected Products : processor_identification_utility
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-27713

    Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-27712

    Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attac... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-32446

    Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity at... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-32091

    Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable esc... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-31931

    Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-31645

    Uncontrolled search path for some System Event Log Viewer Utility software for all versions within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity a... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-12667

    The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-30255

    Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3923 Results