Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39678

    In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL If metric table address is not allocated, accessing metrics_bin will result in a NULL pointer dereference, so add a check... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-41682

    An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-41664

    A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-7366

    The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action tha... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-36855

    A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer ... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025

  • 0.0

    NA
    CVE-2025-39705

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability [Why] A null pointer dereference vulnerability exists in the AMD display driver's (DC module) cleanup function dc_destruct(... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39718

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39719

    In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask(), hw_xlate was iterated over the... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-0034

    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial ... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39727

    In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters()... Read more

    Affected Products : linux_kernel
    • Published: Sep. 07, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-10086

    A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiate... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39709

    In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hfi_cr... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-9442

    The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vodsChannel’ parameter in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8359

    The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticate... Read more

    Affected Products : adforest
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 2.8

    LOW
    CVE-2023-31326

    Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure

  • 2.5

    LOW
    CVE-2023-31330

    An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-58438

    internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does ... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-36100

    IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files when trace... Read more

    Affected Products : mq
    • Published: Sep. 07, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-58437

    Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates ... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-7709

    An integer overflow exists in the FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4406 Results