Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-35790

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2024-26739

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 03, 2024
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2022-49063

    In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80 [ 7... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-21546

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set ... Read more

    Affected Products : linux_kernel linux
    • Published: May. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2021-47037

    In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clo... Read more

    Affected Products : linux_kernel
    • Published: Feb. 28, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2025-24859

    A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existi... Read more

    Affected Products : roller
    • Published: Apr. 14, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-27181

    In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.... Read more

    Affected Products : linkis
    • Published: Aug. 02, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-38479

    Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which d... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2024-45034

    Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are ad... Read more

    Affected Products : airflow
    • Published: Sep. 07, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2024-45498

    Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAG... Read more

    Affected Products : airflow
    • Published: Sep. 07, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-45784

    Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized u... Read more

    Affected Products : airflow
    • Published: Nov. 15, 2024
    • Modified: Jun. 03, 2025

  • 8.1

    HIGH
    CVE-2024-45033

    Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to ... Read more

    Affected Products : apache-airflow-providers-fab
    • Published: Jan. 08, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-27018

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cau... Read more

    Affected Products : apache-airflow-providers-mysql
    • Published: Mar. 19, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-31309

    HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_... Read more

    Affected Products : fedora debian_linux traffic_server
    • Published: Apr. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-32030

    The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administr... Read more

    • Actively Exploited
    • EPSS Score: %94.16
    • Published: May. 06, 2021
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2024-23222

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this... Read more

    Affected Products : macos iphone_os tvos ipados
    • Actively Exploited
    • EPSS Score: %0.17
    • Published: Jan. 23, 2024
    • Modified: Jun. 03, 2025

  • 6.9

    MEDIUM
    CVE-2025-35939

    Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: May. 07, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2023-39780

    On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refres... Read more

    Affected Products : rt-ax55_firmware rt-ax55
    • Actively Exploited
    • EPSS Score: %70.18
    • Published: Sep. 11, 2023
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-56145

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspeci... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: Dec. 18, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2019-9978

    The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.... Read more

    Affected Products : social_warfare social_warfare_pro
    • Actively Exploited
    • EPSS Score: %88.31
    • Published: Mar. 24, 2019
    • Modified: Jun. 03, 2025
Showing 20 of 292758 Results