Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-55492

    Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).... Read more

    Affected Products : winmail_server
    • Published: Dec. 18, 2024
    • Modified: Jul. 17, 2025

  • 0.0

    NA
    CVE-2025-38263

    In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38262

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, whic... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38251

    In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when readi... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38249

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38245

    In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs f... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38230

    In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38229

    In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() su... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38226

    In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [i... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38211

    In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by f... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38104

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38102

    In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38074

    In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread ... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38067

    In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-49935

    In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin() The kernel occasionally crashes in cpumask_clear_cpu(), which is called within exit_round_robin(), because when executing clear_bit(nr, addr) ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-44939

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-p... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-26775

    In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 03, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-26644

    In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 26, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2022-48703

    In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2024
    • Modified: Jul. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-20850

    Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay.... Read more

    Affected Products : pay samsung_pay
    • Published: Apr. 02, 2024
    • Modified: Jul. 17, 2025
Showing 20 of 291526 Results