Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-21879

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a call to btrfs_fs_closing() after we h...

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2024-58091

    In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers ...

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2024-57976

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range() failed [BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should no...

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2024-36913

    In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such t...

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Jul. 06, 2025
  • 2.3

    LOW
    CVE-2025-4754

    Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoe...

    Affected Products : ash_authentication_phoenix
    • Published: Jun. 17, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Authentication
  • 4.8

    MEDIUM
    CVE-2025-4748

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and p...

    Affected Products : otp
    • Published: Jun. 16, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Path Traversal
  • 5.5

    MEDIUM
    CVE-2025-2866

    Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause inva...

    Affected Products : libreoffice
    • Published: Apr. 27, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography
  • 6.1

    MEDIUM
    CVE-2018-13065

    ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

    Affected Products : modsecurity modsecurity modsecurity
    • Published: Jul. 03, 2018
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2022-48279

    In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C langua...

    Affected Products : debian_linux modsecurity modsecurity
    • Published: Jan. 20, 2023
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2020-15598

    Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regul...

    Affected Products : debian_linux modsecurity modsecurity
    • Published: Oct. 06, 2020
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2021-42717

    ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP reque...

    • Published: Dec. 07, 2021
    • Modified: Jul. 03, 2025
  • 8.6

    HIGH
    CVE-2024-1019

    ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path compo...

    Affected Products : modsecurity modsecurity
    • Published: Jan. 30, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2023-28882

    Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations....

    Affected Products : modsecurity modsecurity
    • Published: Apr. 28, 2023
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2023-38285

    Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity....

    Affected Products : modsecurity modsecurity
    • Published: Jul. 26, 2023
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2019-19886

    Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in ...

    Affected Products : fedora modsecurity modsecurity
    • Published: Jan. 21, 2020
    • Modified: Jul. 03, 2025
  • 5.3

    MEDIUM
    CVE-2019-25043

    ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header....

    Affected Products : modsecurity modsecurity
    • Published: May. 06, 2021
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2024-31879

    IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539....

    Affected Products : i i
    • Published: May. 18, 2024
    • Modified: Jul. 03, 2025
  • 6.8

    MEDIUM
    CVE-2024-47104

    IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. ...

    Affected Products : i i
    • Published: Dec. 18, 2024
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-51463

    IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks....

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025
  • 4.3

    MEDIUM
    CVE-2024-51464

    IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to p...

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025
Showing 20 of 293620 Results