Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53302

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwl4965: Add missing check for create_singlethread_workqueue() Add the check for the return value of the create_singlethread_workqueue() in order to avoid NULL pointer dereference... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-10471

    A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack r... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.0

    MEDIUM
    CVE-2025-59397

    Open Web Analytics (OWA) before 1.8.1 allows SQL injection.... Read more

    Affected Products : open_web_analytics
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-52344

    Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-59399

    libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2023-53301

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix kernel crash due to null io->bio We should return when io->bio is null before doing anything. Otherwise, panic. BUG: kernel NULL pointer dereference, address: 000000000000001... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service

  • 2.3

    LOW
    CVE-2025-43792

    Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain t... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2023-53299

    In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio->remaining' for recovery raid10_sync_request() will add 'r10bio->remaining' for both rdev and replacement rdev. However, if the read io fails, recovery_re... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-10203

    Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnera... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2023-53300

    In the Linux kernel, the following vulnerability has been resolved: media: hi846: Fix memleak in hi846_init_controls() hi846_init_controls doesn't clean the allocated ctrl_hdlr in case there is a failure, which causes memleak. Add v4l2_ctrl_handler_free... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025

  • 0.0

    NA
    CVE-2023-53297

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53292

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none After grabbing q->sysfs_lock, q->elevator may become NULL because of elevator switch. Fix the NULL dereference on ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-59140

    backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware pay... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 0.0

    NA
    CVE-2023-53264

    In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle the unused ioremap region. If any error occurs, regi... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53298

    In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and suppo... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 3.2

    LOW
    CVE-2025-59437

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current vers... Read more

    Affected Products : ip
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2023-53263

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create We can't simply free the connector after calling drm_connector_init on it. We need to clean up the drm... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53285

    In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-43800

    Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a craf... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53284

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() Because of the possilble failure of devm_kzalloc(), dpu_wb_conn might be NULL and will cause null pointer de... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4478 Results