Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2025-29778

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes... Read more

    Affected Products : kyverno kyverno
    • Published: Mar. 24, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-8551

    A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially lead... Read more

    Affected Products : agentscope
    • Published: Mar. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-6839

    corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensit... Read more

    Affected Products : flask-cors flask-cors
    • Published: Mar. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-10264

    HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security contro... Read more

    Affected Products : qanything qanything
    • Published: Mar. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-12864

    A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can expl... Read more

    Affected Products : qanything qanything
    • Published: Mar. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38491

    In the Linux kernel, the following vulnerability has been resolved: mptcp: make fallback action and fallback decision atomic Syzkaller reported the following splat: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38351

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTU... Read more

    Affected Products : linux_kernel
    • Published: Jul. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38325

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: add free_transport ops in ksmbd connection free_transport function for tcp connection can be called from smbdirect. It will cause kernel oops. This patch add free_transport ops i... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38322

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89a... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38221

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that exceeds max_end is not permitted and will result in a negative length in the truncate_inode_partial_folio()... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37777

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __smb2_lease_break_noti() Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be ... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-29360

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29359

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29358

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29357

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025

  • 6.1

    MEDIUM
    CVE-2025-48206

    The ns_backup extension through 13.0.0 for TYPO3 allows XSS.... Read more

    Affected Products : ns-backup ns-backup
    • Published: May. 21, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-31746

    There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.... Read more

    • EPSS Score: %1.42
    • Published: Jun. 14, 2023
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-37847

    novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.... Read more

    Affected Products : novel-plus novel-plus novel-plus
    • EPSS Score: %0.30
    • Published: Aug. 14, 2023
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-1251

    A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been dis... Read more

    • EPSS Score: %0.05
    • Published: Feb. 06, 2024
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-7021

    A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possibl... Read more

    • EPSS Score: %0.06
    • Published: Dec. 21, 2023
    • Modified: Aug. 01, 2025
Showing 20 of 291401 Results