Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38176

    In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in binderfs_evict_inode() Running 'stress-ng --binderfs 16 --timeout 300' under KASAN-enabled kernel, I've noticed the following: BUG: KASAN: slab-use-after-... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38205

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 [Why] If the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated then they can lead to a divide by z... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38194

    In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jf... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38208

    In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missi... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38183

    In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum v... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38232

    In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-53603

    In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.... Read more

    Affected Products :
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2023-50786

    Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows ... Read more

    Affected Products : dradis
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-38234

    In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq met... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Race Condition

  • 8.1

    HIGH
    CVE-2025-43711

    Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.... Read more

    Affected Products :
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-26850

    The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.... Read more

    Affected Products : kace_systems_management_appliance
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-53602

    Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 7.9

    HIGH
    CVE-2025-46733

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, a... Read more

    Affected Products : op-tee_os
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-6056

    Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-52833

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS allows SQL Injection. This issue affects LMS: from n/a through 9.1.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52831

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.... Read more

    Affected Products : video_list_manager
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-52813

    Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-52807

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce W... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-52776

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager allows Stored XSS. This issue affects Video List Manager: from n/a through 1.7.... Read more

    Affected Products : video_list_manager
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-52718

    Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
Showing 20 of 293606 Results