Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-10360

    In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Ent... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2024-58241

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about to be freed new submissions are not disarable.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025

  • 3.3

    LOW
    CVE-2025-23255

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of se... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.7

    MEDIUM
    CVE-2025-5717

    An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploy... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-57204

    Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulnerability resides in the product name parameter submitted... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-54376

    Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remot... Read more

    Affected Products : hoverfly
    • Published: Sep. 10, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-9784

    A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by rep... Read more

    • Published: Sep. 02, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-47910

    When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler... Read more

    Affected Products : go
    • Published: Sep. 22, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-58142

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL point... Read more

    Affected Products : xen
    • Published: Sep. 11, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-58143

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL point... Read more

    Affected Products : xen
    • Published: Sep. 11, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58144

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where ... Read more

    Affected Products : xen
    • Published: Sep. 11, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58145

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where ... Read more

    Affected Products : xen
    • Published: Sep. 11, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-58065

    Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite ... Read more

    Affected Products : flask-appbuilder flask-appbuilder
    • Published: Sep. 11, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-59055

    InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the package paramete... Read more

    Affected Products : instantcms
    • Published: Sep. 11, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-55319

    Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : visual_studio_code
    • Published: Sep. 12, 2025
    • Modified: Sep. 24, 2025

  • 4.0

    MEDIUM
    CVE-2025-36082

    IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.... Read more

    Affected Products : openpages_with_watson openpages
    • Published: Sep. 15, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-8531

    Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of seria... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-9566

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful atta... Read more

    • Published: Sep. 05, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-36354

    Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potential... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-36342

    Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4366 Results