Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-25051

    IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-21994

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-50597

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this ... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50596

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this ... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50595

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50594

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50385

    A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger thi... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50384

    A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger thi... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-45064

    A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to tr... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-30090

    mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.... Read more

    Affected Products : squirrelmail change_passwd
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-27556

    An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subjec... Read more

    Affected Products : django
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-21993

    In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask e... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21992

    In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-fu... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-21991

    In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally acce... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21990

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing.... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21989

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21988

    In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the subrequest completion order), each of them would overwr... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21987

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly closes: https://g... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1805

    Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-2842

    A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization
Showing 20 of 293298 Results