Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-38009

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi befor... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025

  • 0.0

    NA
    CVE-2025-38008

    In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that sta... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38007

    In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38006

    In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be co... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38005

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at dri... Read more

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Race Condition

  • 4.3

    MEDIUM
    CVE-2025-23999

    Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13.... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-1088

    In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.... Read more

    Affected Products : grafana
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-5981

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.... Read more

    Affected Products : osv-scalibr
    • Published: Jun. 18, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-1562

    The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_pl... Read more

    Affected Products : funnelkit_automations
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-4955

    The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.... Read more

    Affected Products : tarteaucitron.io
    • Published: Jun. 18, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-51381

    An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50202

    Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit... Read more

    Affected Products : lychee
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-4413

    The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-l... Read more

    Affected Products : pixabay_images
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 4.5

    MEDIUM
    CVE-2025-23252

    The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-49149

    Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-... Read more

    Affected Products : dify
    • Published: Jun. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-49825

    Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patc... Read more

    Affected Products : teleport
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-49593

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrat... Read more

    Affected Products : portainer
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-49843

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions e... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 1.7

    LOW
    CVE-2025-49824

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identi... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-49385

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    Affected Products : windows maximum_security_2022
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
Showing 20 of 291728 Results