Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39744

    In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work During rcu_read_unlock_special(), if this happens during irq_exit(), we can lockup if an IPI is issued. This is because the IPI itsel... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-43788

    The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizat... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39737

    In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() A soft lockup warning was observed on a relative small system x86-64 system with 16 GB of memory when running a debug kernel wi... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39736

    In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadloc... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39760

    In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of t... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39750

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Correct tid cleanup when tid setup fails Currently, if any error occurs during ath12k_dp_rx_peer_tid_setup(), the tid value is already incremented, even though the corresp... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39741

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: don't overflow max copy size With non-page aligned copy, we need to use 4 byte aligned pitch, however the size itself might still be close to our maximum of ~8M, and so ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39740

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent potential UAF If we hit the error path, the previous fence (if there is one) has already been put() prior to this, so doing a fence_wait could lead to UAF. Tweak... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.6

    CRITICAL
    CVE-2025-59053

    AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the `packages/stage-ui/src/components/MarkdownRenderer.vue` path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is render... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-39769

    In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39771

    In the Linux kernel, the following vulnerability has been resolved: regulator: pca9450: Use devm_register_sys_off_handler With module test, there is error dump: ------------[ cut here ]------------ notifier callback pca9450_i2c_restart_handler already... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39784

    In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pcie_failed_link_retrain() fails to retrain, it tries to revert to the previous link speed. However it calculates that speed fro... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-10271

    A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made ... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-9807

    The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products : the_events_calendar
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-39743

    In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGR_RESERVED_I. When executing evict, its hard link number is ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39742

    In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a po... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39764

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-8061

    A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Le... Read more

    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-9201

    A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.... Read more

    Affected Products : browser
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-39790

    In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointe... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4202 Results