Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-46153

    PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.4

    MEDIUM
    CVE-2025-33116

    IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ... Read more

    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57324

    parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplyin... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-59828

    Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Cod... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-54520

    Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-59823

    Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack pro... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-10941

    A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The at... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025

  • 7.6

    HIGH
    CVE-2025-59251

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025

  • 8.2

    HIGH
    CVE-2025-59827

    Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege ... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-20315

    A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability ... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 9.0

    HIGH
    CVE-2025-10953

    A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-10943

    A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr results in cross site scripti... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-20327

    A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacke... Read more

    Affected Products : ios
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 0.5

    LOW
    CVE-2025-59824

    Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mut... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-57354

    A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's tran... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-59831

    git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitC... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-57351

    A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adver... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-40698

    SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “m... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-55553

    A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 9.6

    CRITICAL
    CVE-2025-10894

    Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects cre... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Supply Chain
Showing 20 of 4204 Results