Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39890

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps is not freed in the failure case, causing a memo... Read more

    Affected Products : linux_kernel
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-10906

    A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component N... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-9353

    The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more

    Affected Products : builder
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-21484

    Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-9031

    Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-58457

    Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4... Read more

    Affected Products : zookeeper
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-41715

    The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-54855

    Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2025-23271

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.0

    MEDIUM
    CVE-2024-21935

    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-39889

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder - Invalid Encrypt... Read more

    Affected Products : linux_kernel
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-54081

    Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service ... Read more

    Affected Products : sunshine
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-59821

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile tha... Read more

    Affected Products : dotnetnuke
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-56146

    Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-4598

    An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is no... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-58354

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. ... Read more

    Affected Products : runtime
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-56311

    In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visite... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-59822

    Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to ... Read more

    Affected Products : http4s
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-10184

    The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed.... Read more

    Affected Products : oxygenos
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-59539

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript co... Read more

    Affected Products : dotnetnuke
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4198 Results