Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-21675

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_dest... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21674

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-21673

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCP_Server_Info::hostname When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it r... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21672

    In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, t... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-21671

    In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21670

    In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the trans... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21669

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not exp... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21668

    In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZC... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-21667

    In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an un... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21666

    In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21665

    In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2024-57948

    In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-13662

    The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehive_objects_image_grid' shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on ... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12415

    The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before ru... Read more

    Affected Products : infographic_maker
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-12267

    The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.... Read more

    • Published: Jan. 31, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-12037

    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up... Read more

    Affected Products : buddyforms
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025

  • 7.3

    HIGH
    CVE-2024-13472

    The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value... Read more

    Affected Products : woocommerce_product_table
    • Published: Jan. 31, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-24749

    Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-24718

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.1... Read more

    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24710

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook allows Reflected XSS. This issue affects Gwolle Guestbook: from n/a through 4.7.1.... Read more

    Affected Products : gwolle_guestbook
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291335 Results