Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-53546

    Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By explo... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-52364

    Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network... Read more

    Affected Products : cp3_pro_firmware cp3_pro
    • Published: Jul. 09, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-2670

    IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information abo... Read more

    Affected Products : openpages_with_watson openpages
    • Published: Jul. 09, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-1112

    IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.... Read more

    • Published: Jul. 09, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2025-6514

    mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-38264

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38263

    In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38262

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, whic... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38261

    In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state resto... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38260

    In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly [BUG] There is syzbot based reproducer that can crash the kernel, with the following call trace: (With some debug output ad... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38259

    In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does no... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38258

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating th... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38257

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38256

    In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: [ 108.070381][ T14] kernel BUG at mm/gup.c:71! [ 108.070502][ T14] Internal error: Oops - BUG: 000... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38255

    In the Linux kernel, the following vulnerability has been resolved: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38254

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add sanity checks for drm_edid_raw() When EDID is retrieved via drm_edid_raw(), it doesn't guarantee to return proper EDID bytes the caller wants: it may be either NULL... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38253

    In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacom_aes_battery_handler() Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity") introduced wacom_aes_battery_handler() which i... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38252

    In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxl_cper_handle_prot_err() is making a series of fragile assumptions that can lead to crashes: 1/ It assumes that endpoints id... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38251

    In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when readi... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38250

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while... Read more

    Affected Products : linux_kernel
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291368 Results