Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-61910

    The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread term... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-43829

    Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote ... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-59303

    HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions o... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-6242

    A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate rest... Read more

    Affected Products : vllm
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.7

    MEDIUM
    CVE-2025-61776

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` vi... Read more

    Affected Products : dependency-track
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Supply Chain

  • 0.0

    NA
    CVE-2023-53685

    In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported [0] memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct i... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53684

    In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (p... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2023-53676

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53657

    In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that ice_eswitch_port_start_xmit might be called while some resources are still not allocated which might cause N... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-1826

    IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host net... Read more

    Affected Products : jazz_foundation
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53683

    In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus lengt... Read more

    Affected Products : linux_kernel
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-52424

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52866

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52862

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52860

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52859

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52858

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52857

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-52855

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 7.6

    HIGH
    CVE-2025-52653

    HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access.... Read more

    Affected Products : dryice_myxalytics
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3874 Results