Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-53106

    In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array ha... Read more

    Affected Products : linux_kernel
    • Published: Dec. 02, 2024
    • Modified: Sep. 19, 2025

  • 7.1

    HIGH
    CVE-2023-52682

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page writeback in IP... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 8.1

    HIGH
    CVE-2025-23206

    The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprin... Read more

    Affected Products : aws_cloud_development_kit
    • Published: Jan. 17, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2024-53147

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid clust... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-35838

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station with... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2025-0558

    A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the... Read more

    Affected Products : tduck-platform
    • Published: Jan. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-53158

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Sep. 19, 2025

  • 6.5

    MEDIUM
    CVE-2025-24010

    Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vu... Read more

    Affected Products : vite
    • Published: Jan. 20, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2024-53160

    In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() fun... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Sep. 19, 2025

  • 8.8

    HIGH
    CVE-2025-23011

    Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthen... Read more

    Affected Products : fcrepo
    • Published: Jan. 23, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-57296

    Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function con... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-56869

    Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and Fi... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 9.0

    CRITICAL
    CVE-2025-48703

    CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-10722

    A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-10721

    A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-42412

    Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web b... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 19, 2025

  • 7.8

    HIGH
    CVE-2024-29219

    Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affe... Read more

    • Published: Apr. 15, 2024
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-28125

    FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation.... Read more

    Affected Products : fitnesse
    • Published: Mar. 18, 2024
    • Modified: Sep. 19, 2025

  • 6.5

    MEDIUM
    CVE-2024-21865

    HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2023-38522

    Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This ... Read more

    Affected Products : traffic_server
    • Published: Jul. 26, 2024
    • Modified: Sep. 19, 2025
Showing 20 of 294836 Results