Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-47852

    In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible... Read more

    Affected Products : teamcity
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47851

    In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible... Read more

    Affected Products : teamcity
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-47850

    In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning... Read more

    Affected Products : youtrack
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-47277

    vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affect... Read more

    Affected Products : vllm
    • Published: May. 20, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-46725

    Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious c... Read more

    Affected Products : langroid
    • Published: May. 20, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46724

    Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerabl... Read more

    Affected Products : langroid
    • Published: May. 20, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-37991

    In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens be... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-37990

    In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value.... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37989

    In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is m... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37988

    In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint pinned by *path and at the time when matching unlock_mount(... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37987

    In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-37986

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025

  • 0.0

    NA
    CVE-2025-37985

    In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37984

    In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback return... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-37983

    In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-22157

    This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This... Read more

    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-44084

    D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system.... Read more

    Affected Products : di-8100 di-8100g_firmware
    • Published: May. 20, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-37982

    In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_q... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37981

    In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether special adjustments need to be made for kdump. This h... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37980

    In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we nee... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293437 Results