Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2025-23271

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-23272

    NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-23338

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-60020

    nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-20339

    A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit... Read more

    Affected Products : sd-wan_vedge_router
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-43779

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-9846

    Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection.This issue affects Inka.Net: before 6.7.1.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2017-20200

    A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high comple... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-39880

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member with... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39869

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insuffici... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-7106

    danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly gr... Read more

    Affected Products : librechat
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39874

    In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTM_NEWLINK Syzkaller managed to lock the lower device via ETHTOOL_SFEATURES: netdev_lock include/linux/netdevice.h:2761 [inline] netdev_lock_ops include/net... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39873

    In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_c... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39882

    In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The for_each_child_of_node() helper drops the reference it takes to each node as it iterates over children and an explicit of_node_put... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-9321

    The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9342

    Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse.This issue affects AHE Mobile: from 1.9.7 before 1.9.9.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58915

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Showcase: from n/a through 3.5.0.... Read more

    Affected Products : youtube_video_gallery
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-42907

    SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality ... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-39870

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-21484

    Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4506 Results