Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-54237

    In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-54238

    In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push During ptp resync operation SKBs were poped from the fifo but were never freed neither by napi_consume nor by dev_kfree_skb_any. Add call t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54255

    In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, which can be distributed bet... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54260

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbd_destroy() will directly return, then the conn... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54265

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix an uninit variable access bug in __ip6_make_skb() Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in arch_a... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54271

    In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 0000... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-54279

    In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fw_getenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry ex... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54304

    In the Linux kernel, the following vulnerability has been resolved: firmware: meson_sm: fix to avoid potential NULL pointer dereference of_match_device() may fail and returns a NULL pointer. Fix this by checking the return value of of_match_device.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025

  • 0.0

    NA
    CVE-2023-54310

    In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition mptlan_probe() calls mpt_register_lan_device() which initializes the &priv->post_buckets_task work... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-54321

    In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in device_add() I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 000... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54323

    In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxl_pci; modprobe -r cxl_pci; done ...fails with the following crash signature: BUG: kerne... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-54326

    In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the device creates a small race window for IRQs to be receiv... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 5.8

    MEDIUM
    CVE-2025-15262

    A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing manipulation of the argument image results in unrestricted upload. Remote exp... Read more

    Affected Products : simple_php_cms
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-66094

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5.... Read more

    Affected Products : yada_wiki
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62746

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS.This issue affects Featured Video for WordPress & VideographyWP: from n/a thro... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-14426

    The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attacker... Read more

    Affected Products : strong_testimonials
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-54317

    In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-54314

    In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54298

    In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quark_dts: fix error pointer dereference If alloc_soc_dts() fails, then we can just return. Trying to free "soc_dts" will lead to an Oops.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54276

    In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of th... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4532 Results