Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-53729

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-10047

    The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient es... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2023-53730

    In the Linux kernel, the following vulnerability has been resolved: blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost adjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled when unlock. DEADLOCK might happen if we have he... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53732

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in ni_write_inode Syzbot reports a NULL dereference in ni_write_inode. When creating a new inode, if allocation fails in mi_init function (called in mi_fo... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-41723

    The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-11086

    The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registe... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-10588

    The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax() funct... Read more

    Affected Products : pixelyoursite
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.7

    LOW
    CVE-2025-41721

    A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2023-53722

    In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found s... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-11818

    The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprm_team' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on user supplie... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-62775

    Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2023-53719

    In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lin... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025

  • 6.4

    MEDIUM
    CVE-2025-11872

    The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2025-12033

    The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pro_version_activation_code' parameter in all versions up to, ... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53720

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: u... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-62661

    Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension,... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-53692

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs (loop0): mounted filesys... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50581

    In the Linux kernel, the following vulnerability has been resolved: hfs: fix OOB Read in __hfs_brec_find Syzbot reported a OOB read bug: ================================================================== BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x1... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50575

    In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() w... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025

  • 0.0

    NA
    CVE-2022-50561

    In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iio_device_register_eventset() When iio_device_register_sysfs_group() returns failed, iio_device_register_eventset() needs to free attrs array. Otherwise, kmeml... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3671 Results