Latest CVE Feed
-
6.5
MEDIUM CVE-2025-4186
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Affected is an unknown function of the file /?g=route_ispinfo_export_save. The manipulation of the argument file_name leads to path traversal. It is possible to la...
Affected Products :
- Published: May. 02, 2025
- Modified: May. 02, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUM CVE-2025-1333
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keyc...
Affected Products : mq_operator
- Published: May. 01, 2025
- Modified: May. 02, 2025
- Vuln Type: Information Disclosure
-
0.0
NA CVE-2022-49905
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If it fails, registering of &s...
Affected Products : linux_kernel
- Published: May. 01, 2025
- Modified: May. 02, 2025
- Vuln Type: Memory Corruption
-
0.0
NA CVE-2022-49858
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for ...
Affected Products : linux_kernel
- Published: May. 01, 2025
- Modified: May. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2025-32011
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal....
Affected Products :
- Published: May. 01, 2025
- Modified: May. 02, 2025
- Vuln Type: Authentication
-
7.5
HIGH CVE-2024-36742
An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape....
Affected Products : oneflow
- Published: Jun. 06, 2024
- Modified: May. 02, 2025
-
8.6
HIGH CVE-2022-39393
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the p...
Affected Products : wasmtime
- Published: Nov. 10, 2022
- Modified: May. 02, 2025
-
7.5
HIGH CVE-2024-36737
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter....
Affected Products : oneflow
- Published: Jun. 06, 2024
- Modified: May. 02, 2025
-
7.5
HIGH CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot....
Affected Products : oneflow
- Published: Jun. 06, 2024
- Modified: May. 02, 2025
-
7.5
HIGH CVE-2024-36732
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot....
Affected Products : oneflow
- Published: Jun. 06, 2024
- Modified: May. 02, 2025
-
7.5
HIGH CVE-2024-36734
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter....
Affected Products : oneflow
- Published: Jun. 06, 2024
- Modified: May. 02, 2025
-
4.7
MEDIUM CVE-2024-5032
The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Affected Products : sully
- Published: Jul. 13, 2024
- Modified: May. 02, 2025
-
5.9
MEDIUM CVE-2024-5033
The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Affected Products : sully
- Published: Jul. 13, 2024
- Modified: May. 02, 2025
-
8.8
HIGH CVE-2024-5034
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Affected Products : sully
- Published: Jul. 13, 2024
- Modified: May. 02, 2025
-
5.4
MEDIUM CVE-2024-5074
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Affected Products : wp_emember
- Published: Jul. 13, 2024
- Modified: May. 02, 2025
-
7.6
HIGH CVE-2006-5175
Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors....
- Published: Oct. 10, 2006
- Modified: May. 02, 2025
-
9.8
CRITICAL CVE-2024-48510
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the m...
- Published: Nov. 13, 2024
- Modified: May. 02, 2025
-
8.8
HIGH CVE-2023-33265
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted....
- Published: Jul. 18, 2023
- Modified: May. 02, 2025
-
0.0
NA CVE-2025-39989
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use is_copy_from_user() to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This pat...
Affected Products : linux_kernel
- Published: Apr. 18, 2025
- Modified: May. 02, 2025
-
7.8
HIGH CVE-2025-37838
In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip...
Affected Products : linux_kernel
- Published: Apr. 18, 2025
- Modified: May. 02, 2025
- Vuln Type: Race Condition