Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 9.0

    HIGH
    CVE-2025-9006

    A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disc...

    Affected Products : ch22_firmware ch22
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 5.9

    MEDIUM
    CVE-2025-50862

    The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure....

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-6920

    A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authenti...

    Affected Products : ai_inference_server
    • Published: Jul. 01, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-9453

    A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a maliciou...

    • Published: Jul. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 8.2

    HIGH
    CVE-2025-36600

    Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, lead...

    • Published: Jul. 08, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2023-37405

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user....

    • Published: Mar. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-55668

    Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recomm...

    Affected Products : tomcat
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-50612

    A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the pr...

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-50613

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the progr...

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-54472

    Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of correspo...

    Affected Products : brpc
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-48989

    Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. O...

    Affected Products : tomcat
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-27067

    Memory corruption while processing DDI call with invalid buffer....

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27068

    Memory corruption while processing an IOCTL command with an arbitrary address....

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 5.3

    MEDIUM
    CVE-2025-55673

    When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table na...

    Affected Products : superset
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-27072

    Information disclosure while processing a packet at EAVB BE side with invalid header length....

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-27075

    Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host....

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-47324

    Information disclosure while accessing and modifying the PIB file of a remote device via powerline....

    Affected Products : qca7005_firmware qca7005
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-55674

    A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functi...

    Affected Products : superset
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection