Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-29804

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio visual_studio_2022
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-53006

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" wit... Read more

    Affected Products : dataease
    • Published: Jul. 02, 2025
    • Modified: Jul. 10, 2025

  • 7.3

    HIGH
    CVE-2025-29802

    Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio visual_studio_2022
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-29801

    Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : autoupdate
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-5322

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible fo... Read more

    Affected Products : vikrentcar
    • Published: Jul. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38289

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Smatch detected a potential use-after-free of an ndlp oject in dev_loss_tmo_callbk during driver unload or fatal e... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38279

    In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following warning appears in kernel dmesg: [ 60.643604] verifie... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38257

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38250

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38246

    In the Linux kernel, the following vulnerability has been resolved: bnxt: properly flush XDP redirect lists We encountered following crash when testing a XDP_REDIRECT feature in production: [56251.579676] list_add corruption. next->prev should be prev ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38243

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthr... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38242

    In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we m... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38139

    In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as th... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-27070

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 Rea... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2024
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2024-26726

    In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. asse... Read more

    Affected Products : linux_kernel
    • Published: Apr. 03, 2024
    • Modified: Jul. 10, 2025

  • 7.8

    HIGH
    CVE-2025-29800

    Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : autoupdate
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-5924

    The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This... Read more

    Affected Products : wp_firebase_push_notification
    • Published: Jul. 04, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2025-27743

    Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-27742

    Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-27741

    Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293545 Results