Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-41010

    Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain makin... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-57444

    An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description param... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53515

    In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vm_dev vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating th... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-28357

    A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-8679

    In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-34182

    In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfaces_assign... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-58776

    KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products : kv_studio
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-58775

    KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53521

    In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rm... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53522

    In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit f5d39b020809 ("freezer,... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53520

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Race Condition

  • 4.8

    MEDIUM
    CVE-2025-40648

    Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'numero_conferencia' parameter in '/index.php?menu=conferencia'.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53513

    In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg without verification. The UBSAN warning calltrace like below: UBSAN: Undefined behaviou... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53519

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-11020

    An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects ... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-61588

    RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to ... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2024-58267

    A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentic... Read more

    Affected Products : rancher
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53514

    In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before module unloading, but they can not be freed because the kobject's refcount... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53532

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix deinitialization of firmware resources Currently, in ath11k_ahb_fw_resources_init(), iommu domain mapping is done only for the chipsets having fixed firmware memory. A... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53507

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver doesn't unregister its devlink params, which leads to this WARN[1]. Fi... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
Showing 20 of 4045 Results