Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-60713

    Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40174

    In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the o... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40138

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() syzbot reported a f2fs bug as below: Oops: gen[ 107.736417][ T5848] Oops: general protection fault, proba... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-12903

    The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40135

    In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40170

    In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(),... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40112

    In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40160

    In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-11566

    CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different creden... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11454

    The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all versions up to, and including, 0.5.5 due to insufficient esc... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40165

    In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_cou... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-61830

    Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-60707

    Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 7.0

    HIGH
    CVE-2025-59515

    Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40177

    In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40113

    In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-32011

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution... Read more

    Affected Products : spectrum_power_4
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40175

    In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40158

    In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_outpu... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40163

    In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING:... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3797 Results