Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53269

    In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly block size is one very key setting for block layer, and bad block size could panic kernel easily. Make sure that block size is s... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53286

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, the result of the firmware destruction function was ignored and upper layers weren't info... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53290

    In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's run_bpf_prog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53302

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwl4965: Add missing check for create_singlethread_workqueue() Add the check for the return value of the create_singlethread_workqueue() in order to avoid NULL pointer dereference... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 3.2

    LOW
    CVE-2025-59437

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current vers... Read more

    Affected Products : ip
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-5519

    Insertion of Sensitive Information Into Sent Data vulnerability in ArgusTech BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.6.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-10015

    The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the applicatio... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-10016

    The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it ... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-6575

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dolusoft Omaspot allows Reflected XSS.This issue affects Omaspot: before 12.09.2025.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-7743

    Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-8446

    The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible f... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 2.1

    LOW
    CVE-2025-43798

    Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOT... Read more

    Affected Products : dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 5.0

    MEDIUM
    CVE-2025-59397

    Open Web Analytics (OWA) before 1.8.1 allows SQL injection.... Read more

    Affected Products : open_web_analytics
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2023-53303

    In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak occurs. If kzalloc() for duprule succeeds, ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53292

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none After grabbing q->sysfs_lock, q->elevator may become NULL because of elevator switch. Fix the NULL dereference on ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53293

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_set_quirks() The btrtl_set_quirks() has accessed btrtl_dev->ic_info->lmp_subver since b8e482d02513. However, if installing a Realtek Bluetooth ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-59398

    The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set to Throw.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-10472

    A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path le... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-43791

    Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web scr... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-58177

    n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with ma... Read more

    Affected Products : n8n
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4306 Results