Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38477

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it con... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38476

    In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below [0]. rpl_do_srh_inline() fetches ipv6_hdr(skb) and acc... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38475

    In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while freeing inet_sk(sk)->inet_opt. The address was freed multipl... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38474

    In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rec... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38473

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() syzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0] l2cap_sock_resume_cb() has a similar problem that was fixed by com... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38472

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: [exc... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38471

    In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38470

    In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add o... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38469

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvm_xen_schedop_poll does a kmalloc_array() when a VM polls the host for more than one event channel potr (nr... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38468

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo ro... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-8273

    A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possible to launch th... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-8272

    A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injection. The attack m... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-6918

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection.This issue affects Virtual PBX Software: before 09.07.2025.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 4.8

    MEDIUM
    CVE-2025-40730

    HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-8271

    A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. The attack can be ... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-8270

    A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-8269

    A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation of the argument ID leads to sql injection. The attack m... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-8266

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to... Read more

    Affected Products : chancms
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 5.8

    MEDIUM
    CVE-2025-8265

    A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the atta... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 4.8

    MEDIUM
    CVE-2025-27802

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (t... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 290978 Results