Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38009

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi befor... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025

  • 0.0

    NA
    CVE-2025-38018

    In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_r... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38048

    In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurr... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38007

    In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38057

    In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38036

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT ... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-29720

    Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.... Read more

    Affected Products : dify dify
    • Published: Apr. 14, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-2830

    By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to ... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-3522

    Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the ... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-3739

    Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.... Read more

    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2025-32789

    EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of... Read more

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-41200

    A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.... Read more

    Affected Products : kmplayer
    • Published: Aug. 05, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2024-38808

    In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an applica... Read more

    • Published: Aug. 20, 2024
    • Modified: Jun. 18, 2025

  • 4.8

    MEDIUM
    CVE-2024-21140

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; O... Read more

    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-1471

    SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing unt... Read more

    Affected Products : snakeyaml
    • Published: Dec. 01, 2022
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-5301

    ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are th... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-26412

    The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with ... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-49091

    KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary i... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-49619

    Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions t... Read more

    Affected Products :
    • Published: Jun. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-27753

    A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inj... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
Showing 20 of 293617 Results