Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-7425

    A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID ... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7424

    A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7407

    A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack rem... Read more

    Affected Products : d6400_firmware d6400
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-36697

    A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6211

    A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks conta... Read more

    Affected Products : llamaindex
    • Published: Jul. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-5040

    A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the cur... Read more

    Affected Products : revit
    • Published: Jul. 10, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5037

    A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    Affected Products : revit
    • Published: Jul. 10, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-32990

    A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer wr... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2024-7650

    Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-6948

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by inj... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-6168

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-5023

    Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the pr... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-5022

    Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the produ... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-4972

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3396

    An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API reque... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-38348

    In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and generates an eeprom... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38347

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. Not tainted 6.14.0-rc7-syzkal... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38346

    In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38345

    In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38344

    In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Ko... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291608 Results