Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-43809

    Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through u... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-10759

    A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The expl... Read more

    Affected Products : qloapps
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39862

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_rest... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-10764

    A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to ser... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.2

    MEDIUM
    CVE-2025-10568

    HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025

  • 0.0

    NA
    CVE-2025-39865

    In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm = reg_pair_to_ptr(...);//shm maybe return NULL te... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39860

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. In the splat, a single thread calling bt_accept_dequeue() freed sk and tou... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39861

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhci_... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-55910

    CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-39866

    In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39859

    In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog timer if it is pending. However, if the timer handler is already running,... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39848

    In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev become... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-10181

    The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This mak... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-56762

    Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-39847

    In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-40925

    Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come f... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2025-10761

    A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. Remote exploitation of the att... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-10762

    A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-39852

    In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just exits the function. This ends up causing a me... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39854

    In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx->in_use in ice_ll_ts_intr Recent versions of the E810 firmware have support for an extra interrupt to handle report of the "low latency" Tx timestamps coming ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4409 Results