Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-60718

    Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : windows_11_24h2 windows_11_25h2
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40155

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oop... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-60706

    Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 8.7

    HIGH
    CVE-2025-62211

    Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.... Read more

    Affected Products : dynamics_365
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 6.8

    MEDIUM
    CVE-2025-40760

    A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40173

    In the Linux kernel, the following vulnerability has been resolved: net/ip6_tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too. While ipv4 tunnel headroom adjustment growth was limited in com... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-40744

    A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to p... Read more

    Affected Products : solid_edge_se2025
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40151

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. This causes a oops when running bpf selftest: $ ./te... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40163

    In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING:... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40112

    In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2025-12018

    The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-64293

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection.This issue affects 0 Day Analytics: from n/a through 4.0.0.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-40827

    A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via ... Read more

    Affected Products : software_center solid_edge_se2025
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-40817

    A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-62203

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40143

    In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpf_scc_visit on speculative path Syzbot generated a program that triggers a verifier_bug() call in maybe_exit_scc(). maybe_exit_scc() assumes ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-60720

    Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 8.2

    HIGH
    CVE-2025-12998

    Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40144

    In the Linux kernel, the following vulnerability has been resolved: nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() devm_kcalloc() may fail. ndtest_probe() allocates three DMA address arrays (dcr_dma, label_dma, dimm_dma) and la... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-60707

    Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
Showing 20 of 3729 Results