Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38141

    In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38115

    In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: fix a potential crash on gso_skb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch->q.len can ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38101

    In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Enlarge the critical section in ring_buffer_subbuf_order_set() to ensure that error handling takes place with per-buffe... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38151

    In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work The cited commit fixed a crash when cma_netevent_callback was called for a cma_id while work on that id from a previous... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38121

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, in_hw_restart will be set, but it will never get cleared. Instead, we will retry to init again, and then... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38106

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38116

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38135

    In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38093

    In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads it is possib... Read more

    Affected Products : linux_kernel
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38150

    In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38131

    In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfg_csdev_enable_active_config(), active config could be deactivated via configfs'... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38157

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38138

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL p... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38117

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ====================... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Race Condition

  • 10.0

    CRITICAL
    CVE-2025-34073

    An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs d... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34072

    A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages con... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-34079

    An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-34078

    A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local u... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2932

    The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-2540

    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This make... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293633 Results