Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39699

    In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iova_to_phys The riscv_iommu_pte_fetch() function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no fur... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39676

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Pr... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38736

    In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39713

    In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39724

    In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39723

    In the Linux kernel, the following vulnerability has been resolved: netfs: Fix unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest collector doesn't update the stream->transferred value and it retain... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39722

    In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Since the CAAM on these SoCs is managed by another ARM core, called the SECO (Security Controller) on iMX8QM and Secure Enc... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39714

    In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Lock resolution while streaming When an program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to tryin... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39709

    In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hfi_cr... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39704

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in send_ipi_data() Function kvm_io_bus_read() is called in function send_ipi_data(), buffer size of parameter *val should be at least 8 bytes. ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39702

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-50972

    SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload,... Read more

    Affected Products : abantecart
    • Published: Aug. 27, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-9675

    A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android applicat... Read more

    Affected Products : android voice_changer
    • Published: Aug. 29, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2025-20348

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected dev... Read more

    Affected Products : nexus_dashboard
    • Published: Aug. 27, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-20347

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected dev... Read more

    Affected Products : nexus_dashboard
    • Published: Aug. 27, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-20344

    A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of... Read more

    Affected Products : nexus_dashboard
    • Published: Aug. 27, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-57833

    An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.a... Read more

    Affected Products : django
    • Published: Sep. 03, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-9676

    A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local ... Read more

    Affected Products : universe
    • Published: Aug. 29, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-9677

    A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android ... Read more

    Affected Products : android legend_of_the_phoenix
    • Published: Aug. 29, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9726

    A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remo... Read more

    Affected Products : farm_management_system
    • Published: Aug. 31, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection
Showing 20 of 4304 Results