Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.6

    CVSS31
    CVE-2024-36114

    Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak t...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 4.3

    CVSS31
    CVE-2024-35221

    Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load w...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35492

    Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 2.3

    CVSS31
    CVE-2024-34715

    Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 5.3

    CVSS31
    CVE-2024-35200

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 6.5

    CVSS31
    CVE-2024-32760

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35434

    Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 7.6

    CVSS31
    CVE-2024-28974

    Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-36016

    In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode fram...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35512

    An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35311

    Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 4.8

    CVSS31
    CVE-2024-31079

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the conn...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 5.3

    CVSS31
    CVE-2024-34161

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2023-46297

    An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web ...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35283

    A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35284

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-35333

    A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by pro...
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 0.0

    NONE
    CVE-2024-36427

    The file-serving function in TARGIT Decision Suite 23.2.15007 allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 6.5

    CVSS31
    CVE-2024-36377

    In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
    • Published: May. 29, 2024
    • Modified: May. 29, 2024
  • 4.6

    CVSS31
    CVE-2024-36370

    In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via OAuth connection settings was possible
    • Published: May. 29, 2024
    • Modified: May. 29, 2024