Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-11804

    The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53711

    In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, becau... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53708

    In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating the AMD LPS0 _DSM, there will ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2025-11966

    In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or re... Read more

    Affected Products : vert.x-web
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53731

    In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IR... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 6.4

    MEDIUM
    CVE-2025-11867

    The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `book_author` post meta, rendered through the `[book_author]` shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly esc... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53712

    In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2023-53710

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read Kernel NULL pointer dereference when ACPI SAR table isn't implemented well. Fix the error code of return to mark the ACP... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50565

    In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx() urbs does not be freed in exception paths in __lf_x_usb_enable_rx(). That will trigger memory leak. To fix it, add kfre... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50564

    In the Linux kernel, the following vulnerability has been resolved: s390/netiucv: Fix return type of netiucv_tx() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function poin... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-50562

    In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak The start and length of the event log area are obtained from TPM2 or TCPA table, so we call acpi_get_table() to get the ACPI informat... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2016-15048

    AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-11880

    The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53725

    In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe() warn: 'timer_baseaddr' from of_iomap() ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53700

    In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286_v4l2_register() There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks (see /sys/k... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53726

    In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c ("arm64: csum: Fix pathological zero-length calls") added an early return for zero-leng... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53706

    In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") added support for using optimized ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50576

    In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pch_request_dma() As comment of pci_get_slot() says, it returns a pci_device with its refcount increased. The caller must decrement the refe... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-11866

    The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes (`w`, `h`, `raw_css`, `look`, etc.) in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitiz... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11878

    The ST Categories Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's st-categories shortcode in versions less than, or equal to, 1.0.0. This is due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3687 Results