Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40089

    In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be pas... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40099

    In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40101

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST At the end of btrfs_load_block_group_zone_info() the first thing we do is to ensure that if the mapping t... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40104

    In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G a... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-54469

    A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer con... Read more

    Affected Products : neuvector
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40092

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to fre... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40105

    In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a dire... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40096

    In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40095

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-54471

    NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.... Read more

    Affected Products : neuvector
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-10008

    The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clean_options' function in all versions up to, and including, 5.1. This makes it possible for un... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40091

    In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move dev... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-64290

    Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-40102

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized ye... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-64220

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-64226

    Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through <= 1.2.11.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-64283

    Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-64228

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-64289

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-64286

    Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through <= 3.13.1.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 3692 Results