Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38665

    In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the dr... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38656

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38654

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_regist... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38653

    In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open(... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-36005

    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information ... Read more

    • Published: Jul. 24, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-27393

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execu... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-27394

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to ... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-27395

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticat... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-27396

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowl... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-27397

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated hig... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2025-27398

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privi... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-27493

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface.... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-27494

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an aut... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2025-27496

    Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver wou... Read more

    Affected Products : snowflake_jdbc
    • Published: Mar. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-55010

    Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by mod... Read more

    Affected Products : kanboard
    • Published: Aug. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2025-54410

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firew... Read more

    Affected Products : moby
    • Published: Jul. 30, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-55011

    Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a re... Read more

    Affected Products : kanboard
    • Published: Aug. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-54254

    Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensi... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: XML External Entity

  • 8.7

    HIGH
    CVE-2025-49557

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into v... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46789

    Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.... Read more

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291623 Results