Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2022-50374

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1], for rcu_sync_enter() is called without rcu_syn... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53339

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUG_ON condition in btrfs_cancel_balance Pausing and canceling balance can race to interrupt balance lead to BUG_ON panic in btrfs_cancel_balance. The BUG_ON condition in btr... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53341

    In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when early_init_dt_scan_memory fails If memory has been found early_init_dt_scan_memory now returns 1. If it hasn't found any memory it will return 0, allow... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53356

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_suspend Consider a case where gserial_disconnect has already cleared gser->ioport. And if gserial_suspend gets called afterwards... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53363

    In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free in pci_bus_release_domain_nr() Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()") introduced a use-after-free bug in the bus removal cleanup. The ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53365

    In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2024-48842

    Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2025-58766

    Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview wi... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-37122

    A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute ar... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-59415

    Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicio... Read more

    Affected Products : frappe_lms
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-9992

    The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2022-50354

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_device_init_vm error handling Should only destroy the ib_mem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd->qpd struct... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50363

    In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to alloc_sk_msg() syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psock_verdict_recv() uses rcu_read_lock() protection. We ne... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-50367

    In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilf... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53346

    In the Linux kernel, the following vulnerability has been resolved: kernel/fail_function: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To m... Read more

    Affected Products : linux_kernel
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-35436

    CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.... Read more

    Affected Products : thorium
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2025-59339

    The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally mov... Read more

    Affected Products : the-bastion
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cryptography

  • 7.7

    HIGH
    CVE-2025-59341

    esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and re... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-8565

    The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() functi... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-0547

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS).This issue affects Bizmu: from 2.27.0 through 20250212.... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4430 Results