Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53297

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53290

    In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's run_bpf_prog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53279

    In the Linux kernel, the following vulnerability has been resolved: misc: vmw_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53274

    In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183: Add back SSPM related clocks This reverts commit 860690a93ef23b567f781c1b631623e27190f101. On the MT8183, the SSPM related clocks were removed claiming a lack of... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53266

    In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version and conduit checks fail and -EOPNOTSUPP is returned without freeing t... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-59145

    color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload ... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 6.9

    MEDIUM
    CVE-2025-43799

    Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a us... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-10475

    A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit ... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-43791

    Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web scr... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-10203

    Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnera... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Path Traversal

  • 2.3

    LOW
    CVE-2025-10316

    The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-43802

    Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through upda... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-59331

    is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 8.8

    HIGH
    CVE-2025-59330

    error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a ma... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 5.9

    MEDIUM
    CVE-2025-59154

    Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structur... Read more

    Affected Products : openfire
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-59144

    debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added ... Read more

    Affected Products : debug
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 8.8

    HIGH
    CVE-2025-59140

    backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware pay... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 4.8

    MEDIUM
    CVE-2025-43800

    Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a craf... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-52344

    Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-58172

    drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without ... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4288 Results