Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2023-54203

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr When smb1 mount fails, KASAN detect slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1 negotiate(56bytes) , init... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54207

    In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54206

    In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The cited commit moved idr initialization too early in fl_change() which allows concurrent users to access the filter that is still bein... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-69020

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through <= 4.12.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-68998

    Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39.... Read more

    Affected Products : social_login
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-68997

    Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.40.... Read more

    Affected Products : wpdiscuz
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-54213

    In the Linux kernel, the following vulnerability has been resolved: USB: sisusbvga: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-69013

    Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.... Read more

    Affected Products : stratum
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-69010

    Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-69009

    Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through <= 1.0.9.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-54202

    In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915_perf_add_config_ioctl Userspace can guess the id value and try to race oa_config object creation with config remove, resulting in a use-after-fr... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-15241

    A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redi... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-54179

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf().... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54173

    In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_event_output We received report [1] of kernel crash, which is caused by using nesting protection without disabled preemption. The bpf_event_output can be... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2022-50875

    In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50834

    In the Linux kernel, the following vulnerability has been resolved: nfc: Fix potential resource leaks nfc_get_device() take reference for the device, add missing nfc_put_device() to release it when not need anymore. Also fix the style warnning by use er... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025

  • 0.0

    NA
    CVE-2022-50830

    In the Linux kernel, the following vulnerability has been resolved: auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() hd44780_probe() allocates a memory chunk for hd with kzalloc() and makes "lcd->drvdata->hd44780" point to it. When we ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-68982

    Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68984

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.39.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2022-50785

    In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use get_device and put_device in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock arou... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4671 Results