Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-59692

    PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured... Read more

    Affected Products : purevpn
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-30187

    In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an... Read more

    Affected Products : dnsdist
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-51586

    An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.... Read more

    Affected Products : prestashop
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2024-48341

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop... Read more

    Affected Products : dingfanzu
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2025-58816

    Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-26710

    There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-3650

    The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.4

    LOW
    CVE-2025-42927

    SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modif... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cryptography

  • 3.4

    LOW
    CVE-2025-48979

    An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2025-23339

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbi... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-23308

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitra... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-23338

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-43344

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause unexpected system termination.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-59349

    Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permissi... Read more

    Affected Products : dragonfly
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2025-23346

    NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-43283

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-23340

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-23255

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of se... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-43301

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-26419

    In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 4385 Results