Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-39998

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39996

    In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does not guarantee that the d... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39995

    In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rear... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39994

    In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sl... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39993

    In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-fr... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Race Condition

  • 8.7

    HIGH
    CVE-2025-41068

    Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The N... Read more

    Affected Products : open5gs open5gs
    • Published: Oct. 27, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41067

    Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and render... Read more

    Affected Products : open5gs open5gs
    • Published: Oct. 27, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-41443

    Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/c... Read more

    Affected Products : mattermost_server
    • Published: Oct. 16, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-8078

    A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 4.3

    MEDIUM
    CVE-2025-48025

    In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.... Read more

    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26782

    An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more

    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-9133

    A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series fir... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 3.7

    LOW
    CVE-2025-61748

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Orac... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 8.8

    HIGH
    CVE-2025-62496

    A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) ... Read more

    Affected Products : quickjs
    • Published: Oct. 16, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-36128

    IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to ca... Read more

    Affected Products : linux_kernel aix solaris mq windows i
    • Published: Oct. 16, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-56316

    A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.... Read more

    Affected Products : mcms
    • Published: Oct. 17, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-62604

    MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched ... Read more

    Affected Products : metersphere
    • Published: Oct. 22, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50950

    Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.... Read more

    Affected Products : audiofile
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-54963

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service proc... Read more

    Affected Products : socet_gxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-54964

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in... Read more

    Affected Products : socet_gxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection
Showing 20 of 3915 Results