Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-10709

    A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName re... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2023-53440

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferen... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53377

    In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2_compound_op we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-9969

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS.This issue affects Rea... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-8532

    Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing Authorization, – Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows – Exploitation of Trusted Identifiers, – ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-4444

    A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attac... Read more

    Affected Products : tor
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-10707

    A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-53409

    In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53404

    In the Linux kernel, the following vulnerability has been resolved: USB: fotg210: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make thin... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-10719

    Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files.... Read more

    Affected Products : tronclass
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2022-50403

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix undefined behavior in bit shift for ext4_check_flag_values Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning cal... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-9906

    The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. ... Read more

    Affected Products : keras
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-9905

    The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be execute... Read more

    Affected Products : keras
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Supply Chain

  • 6.6

    MEDIUM
    CVE-2025-7937

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-6198

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-10035

    A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-59215

    Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025

  • 8.6

    HIGH
    CVE-2025-54754

    An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cogne... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-10630

    Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring.  Versions 5.2.1 and below... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2022-50390

    In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warn... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4290 Results