Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-54251

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited un... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: XML External Entity

  • 7.8

    HIGH
    CVE-2025-54913

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 02, 2025

  • 7.8

    HIGH
    CVE-2025-54912

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 02, 2025

  • 7.6

    HIGH
    CVE-2025-59251

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 24, 2025
    • Modified: Oct. 02, 2025

  • 6.7

    MEDIUM
    CVE-2025-54109

    Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 02, 2025

  • 7.0

    HIGH
    CVE-2025-54108

    Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Sep. 09, 2025
    • Modified: Oct. 02, 2025

  • 10.0

    CRITICAL
    CVE-2025-9588

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection.This issue affects enVision: before 250563.... Read more

    Affected Products : linux_kernel envision
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-39885

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39883

    In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(pag... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39880

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member with... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39876

    In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39873

    In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_c... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39869

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insuffici... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38709

    In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Race Condition

  • 8.2

    HIGH
    CVE-2025-33045

    APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead... Read more

    Affected Products : aptio_v
    • Published: Sep. 09, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-1255

    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-4582

    Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 befo... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-55322

    Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : omniparser
    • Published: Sep. 24, 2025
    • Modified: Oct. 01, 2025

  • 4.7

    MEDIUM
    CVE-2025-47967

    Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : edge edge_chromium
    • Published: Sep. 16, 2025
    • Modified: Oct. 01, 2025

  • 4.0

    MEDIUM
    CVE-2025-49728

    Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.... Read more

    Affected Products : pc_manager
    • Published: Sep. 16, 2025
    • Modified: Oct. 01, 2025
Showing 20 of 4473 Results