Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-56760

    When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.... Read more

    Affected Products : memos
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-56761

    Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to... Read more

    Affected Products : memos
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-20280

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of ... Read more

    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-20270

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulner... Read more

    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-50434

    A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information. NOTE: this has bee... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-22956

    OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One exampl... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-20287

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation o... Read more

    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-20291

    A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer ... Read more

    Affected Products : webex_meetings
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-10065

    A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 07, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10066

    A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 07, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38556

    In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quan... Read more

    Affected Products : linux_kernel
    • Published: Aug. 19, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38502

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgrou... Read more

    Affected Products : linux_kernel
    • Published: Aug. 16, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38453

    In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 1... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38306

    In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of has_locked_children() may_decode_fh() is calling has_locked_children() while holding no locks. That's an oopsable race... The rest of the callers ar... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38272

    In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38148

    In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to ins... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38095

    In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Nu... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37968

    In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even thou... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37931

    In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to ... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37842

    In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293505 Results