Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2022-39393

    Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the p... Read more

    Affected Products : wasmtime
    • EPSS Score: %0.12
    • Published: Nov. 10, 2022
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2024-36737

    Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.... Read more

    Affected Products : oneflow
    • Published: Jun. 06, 2024
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2024-36743

    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.... Read more

    Affected Products : oneflow
    • Published: Jun. 06, 2024
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2024-36732

    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.... Read more

    Affected Products : oneflow
    • Published: Jun. 06, 2024
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2024-36734

    Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.... Read more

    Affected Products : oneflow
    • Published: Jun. 06, 2024
    • Modified: May. 02, 2025

  • 4.7

    MEDIUM
    CVE-2024-5032

    The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : sully
    • Published: Jul. 13, 2024
    • Modified: May. 02, 2025

  • 5.9

    MEDIUM
    CVE-2024-5033

    The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : sully
    • Published: Jul. 13, 2024
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2024-5034

    The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : sully
    • Published: Jul. 13, 2024
    • Modified: May. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-5074

    The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : wp_emember
    • Published: Jul. 13, 2024
    • Modified: May. 02, 2025

  • 7.6

    HIGH
    CVE-2006-5175

    Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors.... Read more

    • EPSS Score: %0.30
    • Published: Oct. 10, 2006
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-48510

    Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the m... Read more

    Affected Products : dotnetzip.semverd prodotnetzip
    • Published: Nov. 13, 2024
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2023-33265

    In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.... Read more

    Affected Products : hazelcast imdg
    • EPSS Score: %0.17
    • Published: Jul. 18, 2023
    • Modified: May. 02, 2025

  • 0.0

    NA
    CVE-2025-39989

    In the Linux kernel, the following vulnerability has been resolved: x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This pat... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2025-37838

    In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: May. 02, 2025

  • 7.1

    HIGH
    CVE-2025-37785

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later o... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: May. 02, 2025

  • 0.0

    NA
    CVE-2025-22120

    In the Linux kernel, the following vulnerability has been resolved: ext4: goto right label 'out_mmap_sem' in ext4_setattr() Otherwise, if ext4_inode_attach_jinode() fails, a hung task will happen because filemap_invalidate_unlock() isn't called to unloc... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 02, 2025

  • 0.0

    NA
    CVE-2025-22028

    In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstar... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 02, 2025

  • 0.0

    NA
    CVE-2025-22013

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: * Host SVE being ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 08, 2025
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-21853

    In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The w... Read more

    Affected Products : linux_kernel
    • Published: Mar. 12, 2025
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-21681

    In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_s... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: May. 02, 2025
Showing 20 of 291132 Results