Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39686

    In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39684

    In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `in... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-39683

    In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39679

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leadi... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39678

    In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL If metric table address is not allocated, accessing metrics_bin will result in a NULL pointer dereference, so add a check... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39682

    In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025

  • 0.0

    NA
    CVE-2025-39677

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjustin... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39716

    In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. Th... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39713

    In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Race Condition

  • 8.1

    HIGH
    CVE-2025-58437

    Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates ... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-10080

    A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to us... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-39733

    In the Linux kernel, the following vulnerability has been resolved: team: replace team lock with rtnl lock syszbot reports various ordering issues for lower instance locks and team lock. Switch to using rtnl lock for protecting team device, similar to b... Read more

    Affected Products : linux_kernel
    • Published: Sep. 07, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39729

    In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix dereferencing uninitialized error pointer Fix below smatch warnings: drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked() error: we previously assumed 'error... Read more

    Affected Products : linux_kernel
    • Published: Sep. 07, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-39703

    In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash (kernel BUG): [ 45.390915] skbuff: skb_u... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39673

    In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38737

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the b... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-10096

    A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be e... Read more

    Affected Products : sim
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-9849

    The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zm_sh_btn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-9085

    The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-9493

    The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4410 Results