Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-52873

    Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully ... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-54818

    Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered user... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-54860

    Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login fa... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-10690

    The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplus_import_pack_install_plugin' function in all versions up to, and including, 3.2.2. This m... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-59717

    In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-54807

    The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-55068

    Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denia... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-57293

    A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands v... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2023-53404

    In the Linux kernel, the following vulnerability has been resolved: USB: fotg210: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make thin... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-57295

    H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/sha... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53443

    In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get_sync() will increase the ref... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025

  • 0.0

    NA
    CVE-2023-53445

    In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. ... RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refc... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53447

    In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] P... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53430

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: dma: fix memory leak running mt76_dma_tx_cleanup Fix device unregister memory leak and alway cleanup all configured rx queues in mt76_dma_tx_cleanup routine.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53441

    In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpu_map_update_elem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 (size 192): comm "syz-executo... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53446

    In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcie_link_state->downstream is a pointer to the pci_dev of function 0. Previously we retained that pointer... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53436

    In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if device_add() fails If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_d... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53438

    In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch (IF) units on current AMD Zen-based systems do not guarantee a synchronous #MC is delivered for poison... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53442

    In the Linux kernel, the following vulnerability has been resolved: ice: Block switchdev mode when ADQ is active and vice versa ADQ and switchdev are not supported simultaneously. Enabling both at the same time can result in nullptr dereference. To pre... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-10676

    A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been mad... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
Showing 20 of 4426 Results