Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2022-50557

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() The thunderbay_add_functions() will free memory of thunderbay_funcs when everything is ok, but thunderbay_f... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53717

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a t... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2025-11966

    In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or re... Read more

    Affected Products : vert.x-web
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-10570

    The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the save_refund_request() function. This makes it possible for authenticated attackers, with ... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2025-62773

    Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-11965

    In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/confi... Read more

    Affected Products : vert.x-web
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2023-53714

    In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a container_of() before the pointer check. This could cause a kernel panic. ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50582

    In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to poll_enabled_time that is not integer time_remaining underflows and does not exit the loop as expected. As delay ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2024-58274

    Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2023-53708

    In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating the AMD LPS0 _DSM, there will ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50576

    In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pch_request_dma() As comment of pci_get_slot() says, it returns a pci_device with its refcount increased. The caller must decrement the refe... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53706

    In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") added support for using optimized ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53726

    In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c ("arm64: csum: Fix pathological zero-length calls") added an early return for zero-leng... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53702

    In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 ("crypto: s390 - add crypto library interface for ChaCha20") added a library interface to the s39... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53709

    In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rb_move_tail and rb_check_pages It seems a data race between ring_buffer writing and integrity check. That is, RB_FLAG of head_page is been updating, wh... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53716

    In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with z... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53718

    In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpu_buffer during resize process When ring_buffer_swap_cpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect st... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53720

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: u... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-11880

    The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53727

    In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: avoid stalls in fq_pie_timer() When setting a high number of flows (limit being 65536), fq_pie_timer() is currently using too much time as syzbot reported. Add logic... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3749 Results