Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-9147

    A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploi... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-9157

    A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible... Read more

    Affected Products : tcpreplay
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-54411

    Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.... Read more

    Affected Products : discourse
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38570

    In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF is in the __sk_mark_napi_id_once() call in xsk_bind(), N... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38600

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to prevent an out... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-9150

    A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The ... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-4046

    A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-50579

    A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simp... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-51529

    Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database wr... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-51540

    EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salt... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-38557

    In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38558

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based f... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38571

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterato... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38573

    In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38589

    In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). kernel test robot reported null-ptr-deref in neigh_flush_dev(). [0] The cited commit introduced per-netdev neighbour list and conver... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-4690

    A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ngSanitize/filter/linky  filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a ... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-50461

    A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. The script calls torch.load() with weights_only=False on user-supplied .pt files, allowing attackers to ex... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-50567

    Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statemen... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-50938

    Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38554

    In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a reproducer for a hard to hit UAF issue that became possi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293262 Results