Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39946

    In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-39953

    In the Linux kernel, the following vulnerability has been resolved: cgroup: split cgroup_destroy_wq into 3 workqueues A hung task can occur during [1] LTP cgroup testing when repeatedly mounting/unmounting perf_event and net_prio controllers with system... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39949

    In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements In the protection override dump path, the firmware can return far too many GRC elements, resulting in attempting to write pa... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39945

    In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_ta... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39943

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer If data_offset and data_length of smb_direct_data_transfer struct are invalid, out of bounds iss... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39938

    In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails (e.g. ADSP rejects due to incorrect audioreach topology), the ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39935

    In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() The sma1307->set.header_size is how many integers are in the header (there are 8 of them) but instead of allocati... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39931

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trig... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cryptography

  • 6.4

    MEDIUM
    CVE-2025-10383

    The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form field parameters in all versions up to, and including, 27.0.2. This is due to insufficient input sanitizat... Read more

    Affected Products :
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-39941

    In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39940

    In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow happened, and if it did, don't se... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39937

    In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from device property") rfkill_find_type() ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39934

    In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitializ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50492

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on t... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50485

    In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_iget() returns a bad inode. However, if iget the boot load... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50479

    In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak (clk_src) when function run into last return NULL. s/free/kfree/ - Alex... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50474

    In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macio_add_one_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated d... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50471

    In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized (PV) Xen domains: * User process... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39933

    In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025

  • 8.1

    HIGH
    CVE-2025-9243

    The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possibl... Read more

    Affected Products : cost_calculator_builder
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 4079 Results