Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53379

    In the Linux kernel, the following vulnerability has been resolved: usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Smatch reports: drivers/usb/phy/phy-tahvo.c: tahvo_usb_probe() warn: missing unwind goto? After geting irq, if ret < 0, it wil... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53373

    In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53372

    In the Linux kernel, the following vulnerability has been resolved: sctp: fix a potential overflow in sctp_ifwdtsn_skip Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only checks the pos against the end of the chunk. However, the d... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-50255

    Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2023-53371

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create The memory pointed to by the fs->any pointer is not freed in the error path of mlx5e_fs_tt_redirect_any_create, which can l... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-10650

    SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.... Read more

    Affected Products : hypercloud
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-30519

    Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-47698

    An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-53947

    A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2022-50400

    In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audio_helper: remove unused and wrong debugfs usage In the greybus audio_helper code, the debugfs file for the dapm has the potential to be removed and memory will be ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-54754

    An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cogne... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2022-50394

    In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismt_access() When the driver does not check the data from the user, the variable 'data->block[0]' may be very large to cause an out-of-bounds bug... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-58756

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py , `weights_only=T... Read more

    Affected Products : medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-58757

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix a... Read more

    Affected Products : medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-58755

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including... Read more

    Affected Products : medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2025-55190

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive... Read more

    Affected Products : argo-cd argo_cd
    • Published: Sep. 04, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2019-25225

    `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into... Read more

    Affected Products : sanitize-html
    • Published: Sep. 08, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2014-125128

    'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that contain different casings, whites... Read more

    Affected Products : sanitize-html
    • Published: Sep. 08, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-10409

    A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exp... Read more

    • Published: Sep. 14, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-8893

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more

    • Published: Sep. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4447 Results