Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2025-53411

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more

    Affected Products : file_station
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 0.6

    LOW
    CVE-2025-53412

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2022-50561

    In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iio_device_register_eventset() When iio_device_register_sysfs_group() returns failed, iio_device_register_eventset() needs to free attrs array. Otherwise, kmeml... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50575

    In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() w... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025

  • 0.0

    NA
    CVE-2022-50581

    In the Linux kernel, the following vulnerability has been resolved: hfs: fix OOB Read in __hfs_brec_find Syzbot reported a OOB read bug: ================================================================== BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x1... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-11460

    Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53692

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs (loop0): mounted filesys... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53723

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini, driver unconditionally disables ecc_irq which ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53724

    In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() `req` is allocated in pcf50633_adc_async_read(), but adc_enqueue_request() could fail to insert the `req` into queu... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-63640

    Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53728

    In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allo... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-63147

    Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-11209

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-63638

    Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code tha... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-63639

    The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which ex... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-11211

    Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-11207

    Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NONE
    CVE-2025-1680

    An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header ... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40019

    In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption... Read more

    Affected Products : linux_kernel
    • Published: Oct. 24, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-63543

    TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the q parameter.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3675 Results