Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-37874

    In the Linux kernel, the following vulnerability has been resolved: net: ngbe: fix memory leak in ngbe_probe() error path When ngbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in ngbe_probe() function, the sub... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37876

    In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=y CONFIG_PROC_FS=n The system crashes with something like: [ 3.766197] -... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37888

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to pre... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37872

    In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbe_probe() error path When txgbe_sw_init() is called, memory is allocated for wx->rss_key in wx_init_rss_key(). However, in txgbe_probe() function, the... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37882

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37873

    In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix missing ring index trim on error path Commit under Fixes converted tx_prod to be free running but missed masking it on the Tx error path. This crashes on error conditions... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37864

    In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del"), DSA is writte... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37869

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is to wait on locally generated fence and then return. The code is waiting on ... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37883

    In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memo... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-2944

    The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user sup... Read more

    Affected Products : jeg_elementor_kit
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-1533

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate ... Read more

    Affected Products : armoury_crate
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-1087

    Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, w... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-37877

    In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearing down already-configured groups and default domains, however this currently st... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-13962

    Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM... Read more

    Affected Products : cleanup_premium
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2024-13944

    Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via ... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-37885

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ dir... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-3897

    The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-13960

    Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2024-9524

    Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-4495

    A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack ca... Read more

    Affected Products :
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292522 Results