Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-10207

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2023-53354

    In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions once per nskb") added the call to zero copy... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50356

    In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is inv... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50367

    In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilf... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39819

    In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inconsistent update could lead to possible resource leaks. ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-59342

    esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage lo... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2023-53350

    In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix slicing memory leak The temporary buffer storing slicing configuration data from user is only freed on error. This is a memory leak. Free the buffer unconditionally.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-59414

    Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints withi... Read more

    Affected Products : nuxt
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-59416

    The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 8.9

    HIGH
    CVE-2024-48851

    Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10665

    A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remo... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-9992

    The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-59415

    Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicio... Read more

    Affected Products : frappe_lms
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53359

    In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simple... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-37122

    A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute ar... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-58766

    Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview wi... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-9862

    Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.... Read more

    Affected Products : ghost
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-40933

    Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP ... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53357

    In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in md_bitmap_get_counter If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage() will return -EINVAL because 'page >= bitmap->pages',... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53349

    In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 (size 16): c... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4423 Results