Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53641

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of remain_skbs hif_dev->remain_skb is allocated and used exclusively in ath9k_hif_usb_rx_stream(). It is implied that an allocated remain_skb is pr... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53644

    In the Linux kernel, the following vulnerability has been resolved: media: radio-shark: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the radio-shark2 driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53646

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/perf: add sentinel to xehp_oa_b_counters Arrays passed to reg_in_range_table should end with empty record. The patch solves KASAN detected bug with signature: BUG: KASAN: glob... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53648

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error: we previously assumed 'rac97' could be null (see line ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53663

    In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53656

    In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Don't migrate perf to the CPU going to teardown The driver needs to migrate the perf context if the current using CPU going to teardown. By the time calling the cpuh... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Race Condition

  • 8.6

    HIGH
    CVE-2025-48981

    An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection.... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2023-53654

    In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPM_USX, LMACs are noncontiguous and CGX blocks are also noncont... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53650

    In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() If 'mipid_detect()' fails, we must free 'md' to avoid a memory leak.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-6242

    A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate rest... Read more

    Affected Products : vllm
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-1826

    IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host net... Read more

    Affected Products : jazz_foundation
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53652

    In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribu... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-3450

    An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.... Read more

    Affected Products : automation_runtime
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-43914

    Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-11192

    A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense imple... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-11406

    A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-11407

    A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has be... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-61910

    The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread term... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 9.9

    CRITICAL
    CVE-2025-44823

    Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.... Read more

    Affected Products : log_server
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2025-48464

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 3788 Results