Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53604

    In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path Otherwise the journal_io_cache will leak if dm_register_target() fails.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025

  • 0.0

    NA
    CVE-2023-53602

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11k_fw_stats_free... Read more

    Affected Products : linux_kernel
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-10859

    Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143... Read more

    Affected Products : firefox
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-11152

    This vulnerability affects Firefox < 143.0.3.... Read more

    Affected Products : firefox
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025

  • 5.4

    MEDIUM
    CVE-2025-56379

    A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field.... Read more

    Affected Products : frappe erpnext
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-61733

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.... Read more

    Affected Products : kylin
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-61734

    Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended t... Read more

    Affected Products : kylin
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-61735

    Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to versi... Read more

    Affected Products : kylin
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-11139

    A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of... Read more

    Affected Products : zhiyou_erp
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-11140

    A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity ... Read more

    Affected Products : zhiyou_erp
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: XML External Entity

  • 4.9

    MEDIUM
    CVE-2025-36099

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-36352

    IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre... Read more

    Affected Products : license_metric_tool
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-36351

    IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions.... Read more

    Affected Products : license_metric_tool
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-36262

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.... Read more

    Affected Products : planning_analytics_local
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-36132

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... Read more

    Affected Products : planning_analytics_local
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2023-50300

    IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2023-49883

    IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2023-49881

    IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2023-50301

    IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-34207

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `Stric... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3927 Results