Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-47536

    In the Linux kernel, the following vulnerability has been resolved: net/smc: fix wrong list_del in smc_lgr_cleanup_early smc_lgr_cleanup_early() meant to delete the link group from the link group list, but it deleted the list head by mistake. This may ... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 5.5

    MEDIUM
    CVE-2021-47538

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as it holds a ref to rxrpc_local. [DH: v2: Changed to abstract the p... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 5.5

    MEDIUM
    CVE-2021-47539

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() Need to call rxrpc_put_peer() for bundle candidate before kfree() as it holds a ref to rxrpc_peer. [DH: v2: Changed to abstract out... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-10079

    A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The ex... Read more

    Affected Products : small_crm
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-36019

    In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Sep. 18, 2025

  • 7.8

    HIGH
    CVE-2024-36015

    In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address th... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2024
    • Modified: Sep. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-58782

    Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that... Read more

    Affected Products : jackrabbit jackrabbit_jcr_commons
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-27063

    In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") in the various changes, re... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2024
    • Modified: Sep. 18, 2025

  • 5.5

    MEDIUM
    CVE-2024-27039

    In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iter... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2024
    • Modified: Sep. 18, 2025

  • 5.5

    MEDIUM
    CVE-2021-47567

    In the Linux kernel, the following vulnerability has been resolved: powerpc/32: Fix hardlockup on vmap stack overflow Since the commit c118c7303ad5 ("powerpc/32: Fix vmap stack - Do not activate MMU before reading task struct") a vmap stack overflow res... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 3.7

    LOW
    CVE-2024-48341

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop... Read more

    Affected Products : dingfanzu
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2021-47566

    In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that regi... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 7.8

    HIGH
    CVE-2021-47565

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is f... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 7.8

    HIGH
    CVE-2021-47561

    In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: disable timeout handling If a timeout is hit, it can result is incorrect data on the I2C bus and/or memory corruptions in the guest since the device can still be operating ... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 5.5

    MEDIUM
    CVE-2021-47558

    In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration.... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-33008

    IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... Read more

    • Published: Aug. 19, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-25733

    Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a deg... Read more

    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2021-47555

    In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Sep. 18, 2025

  • 5.5

    MEDIUM
    CVE-2024-27056

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has been configured. At resume time it then tries to sync th... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2024
    • Modified: Sep. 18, 2025

  • 7.8

    HIGH
    CVE-2025-23312

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escala... Read more

    Affected Products : nemo
    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection
Showing 20 of 294701 Results