Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-47430

    Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.... Read more

    Affected Products : readymedia
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 4.7

    MEDIUM
    CVE-2024-35798

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After som... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2025-22607

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-22606

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by alteri... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-29025

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the... Read more

    Affected Products : netty debian_linux
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 8.5

    HIGH
    CVE-2025-22605

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user ... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-25175

    An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack.... Read more

    Affected Products : kickdler
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-28024

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.... Read more

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-28025

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.... Read more

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-28026

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.... Read more

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-27304

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.... Read more

    • Published: Apr. 05, 2022
    • Modified: Sep. 19, 2025

  • 3.3

    LOW
    CVE-2022-48668

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest gene... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 3.3

    LOW
    CVE-2022-48667

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in insert range insert range doesn't discard the affected cached region so can risk temporarily corrupting file data. Also includes some minor clean... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-48665

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 8.8

    HIGH
    CVE-2025-10409

    A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exp... Read more

    • Published: Sep. 14, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2022-48653

    In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This f... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-48652

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 ("ice: ethtool: Prohibit improper ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-48645

    In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and por... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 5.7

    MEDIUM
    CVE-2025-2598

    When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this... Read more

    Affected Products : aws_cloud_development_kit
    • Published: Mar. 21, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2022-48644

    In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, no... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025
Showing 20 of 294832 Results