Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-32069

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2019-10219

    A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.... Read more

    • Published: Nov. 08, 2019
    • Modified: Jul. 07, 2025

  • 8.4

    HIGH
    CVE-2025-24803

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric c... Read more

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-40091

    Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 7.8

    HIGH
    CVE-2024-49538

    Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows illustrator
    • Published: Dec. 10, 2024
    • Modified: Jul. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-39133

    Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c.... Read more

    Affected Products : zziplib
    • Published: Jun. 27, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-4443

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user su... Read more

    Affected Products : business_directory
    • Published: May. 22, 2024
    • Modified: Jul. 07, 2025

  • 8.6

    HIGH
    CVE-2021-40116

    Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with ... Read more

    • Published: Oct. 27, 2021
    • Modified: Jul. 07, 2025

  • 0.0

    NA
    CVE-2025-23155

    In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint The cpumask should not be a local variable, since its pointer is saved to irq_desc and may be accessed from procfs. To fix it, use the... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-22101

    In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to set Tx checksum flag for the other protocol that results in T... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21942

    In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix extent range end unlock in cow_file_range() Running generic/751 on the for-next branch often results in a hang like below. They are both stack by locking an extent. Th... Read more

    Affected Products : linux_kernel
    • Published: Apr. 01, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-21879

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a call to btrfs_fs_closing() after we h... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-58091

    In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-57976

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cow_file_range() failed [BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should no... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Jul. 06, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2024-36913

    In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such t... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Jul. 06, 2025

  • 2.3

    LOW
    CVE-2025-4754

    Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoe... Read more

    Affected Products : ash_authentication_phoenix
    • Published: Jun. 17, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-4748

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and p... Read more

    Affected Products : otp
    • Published: Jun. 16, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-2866

    Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause inva... Read more

    Affected Products : libreoffice
    • Published: Apr. 27, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2018-13065

    ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured... Read more

    Affected Products : modsecurity modsecurity modsecurity
    • Published: Jul. 03, 2018
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2022-48279

    In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C langua... Read more

    Affected Products : debian_linux modsecurity modsecurity
    • Published: Jan. 20, 2023
    • Modified: Jul. 03, 2025
Showing 20 of 293651 Results