Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-22037

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-21751

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-22608

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only provi... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2014-125128

    'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that contain different casings, whites... Read more

    Affected Products : sanitize-html
    • Published: Sep. 08, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2023-47430

    Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.... Read more

    Affected Products : readymedia
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 4.7

    MEDIUM
    CVE-2024-35798

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After som... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2025-22607

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-22606

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by alteri... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-29025

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the... Read more

    Affected Products : netty debian_linux
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 8.5

    HIGH
    CVE-2025-22605

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user ... Read more

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-25175

    An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack.... Read more

    Affected Products : kickdler
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-28024

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.... Read more

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-28025

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.... Read more

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-28026

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.... Read more

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-27304

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.... Read more

    • Published: Apr. 05, 2022
    • Modified: Sep. 19, 2025

  • 3.3

    LOW
    CVE-2022-48668

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest gene... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 3.3

    LOW
    CVE-2022-48667

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in insert range insert range doesn't discard the affected cached region so can risk temporarily corrupting file data. Also includes some minor clean... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-48665

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025

  • 8.8

    HIGH
    CVE-2025-10409

    A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exp... Read more

    • Published: Sep. 14, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2022-48653

    In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This f... Read more

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025
Showing 20 of 294796 Results