Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-57895

    Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.3.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.7

    HIGH
    CVE-2025-9255

    WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : webitr
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-51606

    hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "ad... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-56179

    In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-36042

    IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... Read more

    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2010-10015

    AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long strin... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2009-20002

    Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to cr... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2010-20034

    Gekko Manager FTP Client <= 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing ... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2010-20113

    EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively lo... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29365

    spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38626

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ k... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38619

    In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is marked done with VB2_BUF_STATE_ERROR but is not removed from t... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38655

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a pot... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38627

    In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, an... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38629

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL der... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38628

    In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resourc... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-38633

    In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Gu... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-38640

    In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() f... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38646

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received o... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-38643

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lo... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Race Condition
Showing 20 of 291562 Results