Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40070

    In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix error handling in __video_register_device()"), the release... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40072

    In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing The function do_fanotify_mark() does not validate if mnt_ns_from_dentry() returns NULL before dereferenc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-9313

    An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attacke... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40073

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40074

    In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup()... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40031

    In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper() In register_shm_helper(), fix incorrect error handling for a call to iov_iter_extract_pages(). A case is missing for when iov_iter_extract_pages() only go... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40032

    In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release The fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be NULL even after EPF initialization. ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12380

    Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects ... Read more

    Affected Products : firefox
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40054

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fs_merge_page_bio() As JY reported in bugzilla [1], Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : [0xffffffe51d2494... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40056

    In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copy_to_iter return value check The return value of copy_to_iter can't be negative, check whether the copied length is equal to the requested length instead of checki... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40058

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation t... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40060

    In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setu... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-41090

    microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organizat... Read more

    Affected Products : microclaudia
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1038

    The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected ... Read more

    Affected Products : tropos_4th_gen
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-12344

    A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted u... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-61043

    An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to r... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-49042

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.... Read more

    Affected Products : woocommerce
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2025-62794

    GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than ... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2025-62368

    Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-61598

    Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies p... Read more

    Affected Products : discourse
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3839 Results