Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-4446

    A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs... Read more

    Affected Products : gr-5400ax_firmware
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37843

    In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Avoid unnecessary device replacement check Hot-removal of nested PCI hotplug ports suffers from a long-standing race condition which can lead to a deadlock: A parent hotpl... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2025-46712

    Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allo... Read more

    Affected Products : otp
    • Published: May. 08, 2025
    • Modified: May. 12, 2025

  • 0.0

    NA
    CVE-2025-37845

    In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount") moved try_module_get() from __find_tracepoint_module_c... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37862

    In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. Thi... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37859

    In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy d... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-37857

    In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup() Change the array size to follow parms size instead of a fixed value.... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37856

    In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del() races As far as I can tell, these calls of list_del_init() on bg_list cannot run concurrently with btrfs_mark_bg_unused() or btrfs_... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37855

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard Possible Null Pointer Dereference [WHY] In some situations, dc->res_pool may be null. [HOW] Check if pointer is null before dereference.... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37852

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37850

    In the Linux kernel, the following vulnerability has been resolved: pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() With CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a divide-by-zero in the following line: do_div(r... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37849

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGI... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2253

    The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imi... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-4377

    Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem.  Logview is accessible on Pro Cloud Server C... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-4376

    Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165.... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-4455

    A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlp... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-31946

    Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-27720

    The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 4.6

    MEDIUM
    CVE-2025-46833

    Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole applica... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2024-9448

    On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be drop... Read more

    Affected Products : eos
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
Showing 20 of 291750 Results