Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2022-49352

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_handle_inode_extension We got issue as follows: EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory EXT4-fs error (device loop0): ext4... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2022-49152

    In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_SHIFT when we call xas_create_range(), xas_create_range()... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2022-48941

    In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Jun. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-48935

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases via nf_tables_flowtable_destroy() otherwise hook core reports UAF. BU... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Jun. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-48849

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bypass tiling flag check in virtual display case (v2) vkms leverages common amdgpu framebuffer creation, and also as it does not support FB modifier, there is no need to che... Read more

    Affected Products : linux_kernel
    • Published: Jul. 16, 2024
    • Modified: Jun. 19, 2025

  • 7.2

    HIGH
    CVE-2025-6007

    A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launc... Read more

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6008

    A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql inje... Read more

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6009

    A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be la... Read more

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-44906

    jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.... Read more

    Affected Products : jhead
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-48887

    vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0... Read more

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-45474

    maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.... Read more

    Affected Products : maccms
    • Published: May. 29, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-5136

    A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. I... Read more

    Affected Products : tmall_demo
    • Published: May. 25, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2025-32790

    Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrat... Read more

    Affected Products : dify
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32795

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-a... Read more

    Affected Products : dify
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29058

    An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.... Read more

    Affected Products : qimou_cms
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-29339

    An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagate... Read more

    Affected Products : open5gs
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-44755

    Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.... Read more

    Affected Products : sacco_management_system
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-25580

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-25590

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-25585

    Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization
Showing 20 of 293620 Results