Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-9657

    A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross sit... Read more

    Affected Products : o2oa
    • Published: Aug. 29, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2024-26918

    In the Linux kernel, the following vulnerability has been resolved: PCI: Fix active state requirement in PME polling The commit noted in fixes added a bogus requirement that runtime PM managed devices need to be in the RPM_ACTIVE state for PME polling. ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: Sep. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-9658

    A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting.... Read more

    Affected Products : o2oa
    • Published: Aug. 29, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2023-52522

    In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleti... Read more

    Affected Products : linux_kernel
    • Published: Mar. 02, 2024
    • Modified: Sep. 16, 2025

  • 2.5

    LOW
    CVE-2023-52620

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 21, 2024
    • Modified: Sep. 16, 2025

  • 6.2

    MEDIUM
    CVE-2021-47147

    In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as alr... Read more

    Affected Products : linux_kernel
    • Published: Mar. 25, 2024
    • Modified: Sep. 16, 2025

  • 7.1

    HIGH
    CVE-2021-47153

    In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 25, 2024
    • Modified: Sep. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-9659

    A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can... Read more

    Affected Products : o2oa
    • Published: Aug. 29, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-56689

    One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can by... Read more

    Affected Products : one_identity
    • Published: Sep. 03, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-3017

    In a Silicon Labs  multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a ... Read more

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Sep. 16, 2025

  • 1.0

    LOW
    CVE-2024-12975

    A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.... Read more

    • Published: Mar. 07, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-52623

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 5... Read more

    Affected Products : linux_kernel
    • Published: Mar. 26, 2024
    • Modified: Sep. 16, 2025

  • 5.5

    MEDIUM
    CVE-2025-8745

    A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper expo... Read more

    Affected Products : ricepo
    • Published: Aug. 09, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2024-26847

    In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: Sep. 16, 2025

  • 7.6

    HIGH
    CVE-2025-9072

    Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies t... Read more

    Affected Products : mattermost_server
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-9084

    Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs... Read more

    Affected Products : mattermost_server
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-9078

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews v... Read more

    Affected Products : mattermost_server
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-35307

    Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Sep. 16, 2025

  • 8.8

    HIGH
    CVE-2024-12971

    Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 17, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12992

    Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 .... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 17, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection
Showing 20 of 294504 Results