Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53265

    In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size <= alloc, size Ensure that the VID header offset + VID header size does not exceed the allocated area to avoid slab OOB. BUG: KASAN... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-43797

    In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allo... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-55211

    FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This ... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-43799

    Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a us... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-10475

    A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit ... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-10471

    A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack r... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 2.1

    LOW
    CVE-2025-27238

    Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.... Read more

    Affected Products : zabbix
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-6202

    Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-56467

    An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's p... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-57064

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57063

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57061

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted requ... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57059

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57058

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57057

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 9.9

    CRITICAL
    CVE-2025-58371

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remot... Read more

    Affected Products : roo_code
    • Published: Sep. 05, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-58372

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folde... Read more

    Affected Products : roo_code
    • Published: Sep. 05, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-58373

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to... Read more

    Affected Products : roo_code
    • Published: Sep. 05, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-58374

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Be... Read more

    Affected Products : roo_code
    • Published: Sep. 06, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Supply Chain

  • 7.3

    HIGH
    CVE-2025-54911

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
Showing 20 of 4263 Results