Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-10587

    The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi... Read more

    Affected Products : community_events
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-10635

    The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and above to perform SQL injection attacks... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-1826

    IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host net... Read more

    Affected Products : jazz_foundation
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-10351

    SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEditi... Read more

    Affected Products : meliscms
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-10352

    Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53686

    In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshake_nl_done_doit() We should not call trace_handshake_cmd_done_err() if socket lookup has failed. Also we should call trace_handshake_cmd_don... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53668

    In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488] [...] RIP: 0... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2023-53667

    In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize Currently in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the lo... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53660

    In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptr_ring The following warning was reported when running xdp_redirect_cpu with both skb-mode and stress-mode enabled: ------------[ cut ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025

  • 0.0

    NA
    CVE-2023-53680

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers a... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-10649

    The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the user supplied value and lack of sufficient preparation on the existing SQL query. T... Read more

    Affected Products : welcart_e-commerce
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-43821

    Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attack... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53658

    In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return s... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53655

    In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Registering a kprobe on __rcu_irq_enter_check_tick() can cause kernel stack overflow as shown below. This i... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53653

    In the Linux kernel, the following vulnerability has been resolved: media: amphion: fix REVERSE_INULL issues reported by coverity null-checking of a pointor is suggested before dereferencing it... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025

  • 0.0

    NA
    CVE-2023-53651

    In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or probe failures, otherwise we get UAF/Oops.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-43829

    Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote ... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53647

    In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the Fixes: tag below the VMBus client driver is walking the ACPI namespace up from the VMBus... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-59303

    HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions o... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53679

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3904 Results