Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2022-50374

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1], for rcu_sync_enter() is called without rcu_syn... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39814

    In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset Issuing a reset when the driver is loaded without RDMA support, will results in a crash as it attempts to remove RDMA'... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-9992

    The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10493

    The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthentic... Read more

    Affected Products : chained_quiz
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-8565

    The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() functi... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-35436

    CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.... Read more

    Affected Products : thorium
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-9862

    Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.... Read more

    Affected Products : ghost
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2023-53360

    In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READ_PLUS (again) I found that the read code might send multiple requests using the same nfs_pgio_header, but nfs4_proc_read_setup() is only called ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53356

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_suspend Consider a case where gserial_disconnect has already cleared gser->ioport. And if gserial_suspend gets called afterwards... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53349

    In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 (size 16): c... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53343

    In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). With some IPv6 Ext Hdr (RPL, SRv6, etc.), we can send a packet that has the link-local address as src and dst IP a... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2022-50373

    In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queue_work() in _dlm_lowcomms_commit_msg() and srcu_read_unlock(). The queue_work() can take the final reference of a dlm_m... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2022-50369

    In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->output.composer_workq in vkms_release(). KASAN: null-ptr-d... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50357

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3_get_properties() function calls: dwc->usb_psy = power_supply_get_by_name(usb_psy_name); so there is some additional clean up require... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-25011

    Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-10205

    Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cryptography

  • 8.9

    HIGH
    CVE-2024-48851

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-59416

    The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53358

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurre... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2022-50367

    In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilf... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4527 Results