Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53517

    In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msg_max is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu, e.g. 4 in Shuang's test... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2023-53505

    In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise it will be leaked.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53512

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree().... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53511

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using io_uring doing link-cp on ocfs2. [1] Do the following steps can reproduce this BUG: ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53527

    In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request() The memory allocated in tb_queue_dp_bandwidth_request() needs to be released once the request is handled to avoid leakin... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2024-58260

    A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.... Read more

    Affected Products : rancher
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-40647

    Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'email' parameter in '/index.php?menu=address_book'.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-41421

    Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to esc... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-59685

    Kazaar 1.25.12 allows a JWT with none in the alg field.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-59686

    Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-11233

    Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs comp... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-61690

    KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products : kv_studio
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-57444

    An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description param... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-58775

    KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53516

    In the Linux kernel, the following vulnerability has been resolved: macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF The previous commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff") added one additional attribute name... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-0642

    Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53499

    In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix error unwinding of XDP initialization When initializing XDP in virtnet_open(), some rq xdp initialization may hit an error causing net device open failed. However, previ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025

  • 0.0

    NA
    CVE-2023-53518

    In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreq_dev_release() srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head() call. Reported by kmemleak.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025

  • 0.0

    NA
    CVE-2023-53519

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-41010

    Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain makin... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3828 Results