Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40047

    In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a canc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 5.4

    MEDIUM
    CVE-2025-62798

    Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, express... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-60805

    An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-34294

    Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service (running as NT AUTHORITY\SYSTEM... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40060

    In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setu... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40058

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation t... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40054

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fs_merge_page_bio() As JY reported in bugzilla [1], Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : [0xffffffe51d2494... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40074

    In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup()... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40073

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40072

    In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing The function do_fanotify_mark() does not validate if mnt_ns_from_dentry() returns NULL before dereferenc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40070

    In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix error handling in __video_register_device()"), the release... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40069

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VM_BIND error path If we fail a handle-lookup part way thru, we need to drop the already obtained obj references. Patchwork: https://patchwork.freedesktop.org/... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40043

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 ("Merge tag 'perf-tools-f... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40040

    In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG a... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40048

    In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Let userspace take care of interrupt mask Remove the logic to set interrupt mask by default in uio_hv_generic driver as the interrupt mask value is supposed to be contro... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40028

    In the Linux kernel, the following vulnerability has been resolved: binder: fix double-free in dbitmap A process might fail to allocate a new bitmap when trying to expand its proc->dmap. In that case, dbitmap_grow() fails and frees the old bitmap via db... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-11735

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lac... Read more

    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-10145

    The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author... Read more

    Affected Products : auto_featured_image
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-43024

    A GUI dialog of an application allows to view what files are in the file system without proper authorization.... Read more

    Affected Products : thinpro_8.1
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-62793

    eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS un... Read more

    Affected Products : elabftw
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3732 Results