Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2014-0755

    Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.... Read more

    • Published: Feb. 05, 2014
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-9644

    The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead o... Read more

    Affected Products : f3x36_firmware f3x36
    • Published: Feb. 04, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-57610

    A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is th... Read more

    Affected Products : sylius
    • Published: Feb. 06, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-27145

    copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into c... Read more

    Affected Products : copyparty copyparty
    • Published: Feb. 25, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-12856

    The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the sy... Read more

    • Published: Dec. 27, 2024
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2022-45688

    A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.... Read more

    Affected Products : hutool json-java json-java
    • Published: Dec. 13, 2022
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2023-5072

    Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.... Read more

    Affected Products : json-java json-java
    • Published: Oct. 12, 2023
    • Modified: Sep. 19, 2025

  • 5.8

    MEDIUM
    CVE-2025-23041

    Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2... Read more

    Affected Products : umbraco_forms
    • Published: Jan. 14, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2024-46734

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the oth... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-50290

    In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR regis... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-35892

    In the Linux kernel, the following vulnerability has been resolved: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() is called with the qdisc lock held, not RTNL. We must use qdisc_lookup_rcu() instead of qdisc_lo... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2024
    • Modified: Sep. 19, 2025

  • 4.7

    MEDIUM
    CVE-2024-50294

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, t... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2024-50633

    A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentiona... Read more

    Affected Products : indico
    • Published: Jan. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-35842

    In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct link) string, an... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-53105

    In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag... Read more

    Affected Products : linux_kernel
    • Published: Dec. 02, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2023-52695

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback connectors.... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 7.8

    HIGH
    CVE-2023-52688

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create r... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 7.8

    HIGH
    CVE-2024-53106

    In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array ha... Read more

    Affected Products : linux_kernel
    • Published: Dec. 02, 2024
    • Modified: Sep. 19, 2025

  • 7.1

    HIGH
    CVE-2023-52682

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page writeback in IP... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 8.1

    HIGH
    CVE-2025-23206

    The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprin... Read more

    Affected Products : aws_cloud_development_kit
    • Published: Jan. 17, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 294853 Results