Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-37803

    In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37802

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current task to TASK_UNINTERRUPTIBLE, before doing the condition check. T... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-37801

    In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() ... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37800

    In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, ... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-3419

    The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attacker... Read more

    Affected Products : eventin
    • Published: May. 08, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2024-13793

    The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properl... Read more

    Affected Products : wolmart
    • Published: May. 08, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-32873

    An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of... Read more

    Affected Products : django
    • Published: May. 08, 2025
    • Modified: Sep. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-55651

    i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuári... Read more

    Affected Products : i-educar
    • Published: May. 08, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-46727

    Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parame... Read more

    Affected Products : rack
    • Published: May. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-35939

    Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: May. 07, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-32441

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack sessio... Read more

    Affected Products : rack
    • Published: May. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-0936

    On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly... Read more

    Affected Products : eos
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 1.3

    LOW
    CVE-2025-46826

    insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal ri... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-46821

    Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing th... Read more

    Affected Products : envoy
    • Published: May. 07, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-46265

    On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu... Read more

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-43878

    When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.  Note: Soft... Read more

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41433

    When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41431

    When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Techni... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41414

    When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41399

    When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not eva... Read more

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293679 Results