Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-42616

    Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw lea... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2023-53765

    In the Linux kernel, the following vulnerability has been resolved: dm cache: free background tracker's queued work in btracker_destroy Otherwise the kernel can BUG with: [ 2245.426978] ==================================================================... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53761

    In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025

  • 0.0

    NA
    CVE-2023-53760

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue When ufshcd_err_handler() is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcd_handle_mc... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2022-50622

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_modified_inode() As krealloc may return NULL, in this case 'state->fc_modified_inodes' may not be freed by krealloc, but 'state->fc_mod... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53747

    In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Becau... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50630

    In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquire them again after handle_userfault(), but reacqu... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50625

    In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter "B Generic UART" in "ARM Server Base System Architecture" [1] documentation describes a generic UART interface. Such... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-50626

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Syzbot reports a memory leak in "dvb_usb_adapter_init()". The leak is due to not accounting for and freeing current iteration's... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50629

    In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsi_coex_attach() The coex_cb needs to be freed when rsi_create_kthread() failed in rsi_coex_attach().... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50623

    In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() The "hdr.count * sizeof(s32)" multiplication can overflow on 32 bit systems leading to memory corruption. Use array_size()... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-14254

    Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : vitals_enterprise_social_platform
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-14253

    Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : vitals_enterprise_social_platform
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-14262

    A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the... Read more

    Affected Products : business_hub
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2022-50621

    In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configur... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-42615

    In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitra... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2022-50620

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path Syzbot reports a NULL pointer dereference issue as below: __refcount_add include/linux/refcount.h:193 [inline] __refcoun... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50619

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed be... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-42620

    In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitr... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2022-50583

    In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use disk_stack_limits to get a proper max_discard_sectors rather than setting a value by stack drivers. And ther... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4863 Results