Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-37947

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37962

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function ret... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37989

    In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is m... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37972

    In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware wher... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37955

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnet_x... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37951

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the ... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37961

    In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for t... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37943

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length.... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-36535

    The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-27803

    The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigu... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 2.4

    LOW
    CVE-2025-1419

    Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite)... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-0372

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 7.7

    HIGH
    CVE-2024-56429

    itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-37971

    In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vch... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37988

    In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint pinned by *path and at the time when matching unlock_mount(... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-4969

    A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consum... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-47291

    containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, th... Read more

    Affected Products : containerd
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-2261

    Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-20112

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that hav... Read more

    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-48203

    The cs_seo extension through 9.2.0 for TYPO3 allows XSS.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292764 Results