Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38260

    In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly [BUG] There is syzbot based reproducer that can crash the kernel, with the following call trace: (With some debug output ad... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38264

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38268

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the DisplayPort Alt Mode dr... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38284

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI devi... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38312

    In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-21009

    Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2025-0293

    CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-39134

    A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.... Read more

    Affected Products : zziplib
    • Published: Jun. 27, 2024
    • Modified: Jul. 10, 2025

  • 9.1

    CRITICAL
    CVE-2024-27905

    ** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to constru... Read more

    Affected Products : aurora
    • Published: Feb. 27, 2024
    • Modified: Jul. 10, 2025

  • 6.5

    MEDIUM
    CVE-2025-48916

    Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.... Read more

    Affected Products : bookable_calendar
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45988

    Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cm... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45987

    Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dn... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45985

    Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDH... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45984

    Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via... Read more

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-6344

    A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scrip... Read more

    Affected Products : zkbiosecurity_v5000
    • Published: Jun. 26, 2024
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2025-52900

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by t... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-52902

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-6701

    A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack... Read more

    Affected Products : xxl-sso
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-6702

    A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to la... Read more

    Affected Products : litemall
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-52928

    Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.... Read more

    Affected Products : windows arc
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
Showing 20 of 291794 Results