Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-1150

    A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. ... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25186

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-24892

    OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not proper... Read more

    Affected Products : openproject
    • Published: Feb. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-24032

    PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An atta... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-24031

    PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-21693

    In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the opera... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21692

    In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21691

    In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall"), it was meant to ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-21690

    In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max o... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-21689

    In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-21688

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to assi... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-21687

    In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57950

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIV... Read more

    Affected Products : linux_kernel
    • Published: Feb. 10, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-12243

    A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows... Read more

    • Published: Feb. 10, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-12133

    A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker ... Read more

    • Published: Feb. 10, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-11831

    A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This c... Read more

    Affected Products : enterprise_linux
    • Published: Feb. 10, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-1149

    A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remo... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2024-10334

    A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.  An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issu... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-1193

    Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a ... Read more

    Affected Products : remote_desktop_manager
    • Published: Feb. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-1148

    A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely.... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291570 Results