Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-46825

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware, so it should use IWL_FW... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46826

    In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory w... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Nov. 20, 2024

  • 7.6

    HIGH
    CVE-2024-52435

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3.... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-20525

    A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not p... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Nov. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-20530

    A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not p... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Nov. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-20531

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To e... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Nov. 20, 2024

  • 8.8

    HIGH
    CVE-2024-49574

    Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-53050

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in hdcp2_get_capability Add encoder check in intel_hdcp2_get_capability to avoid null pointer error.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-53051

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability Sometimes during hotplug scenario or suspend/resume scenario encoder is not always initialized when intel_hdcp_get_capabili... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Nov. 20, 2024

  • 4.3

    MEDIUM
    CVE-2024-10897

    The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible f... Read more

    Affected Products : tutor_lms_elementor_addons
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-52434

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29.... Read more

    Affected Products : popup
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 4.7

    MEDIUM
    CVE-2024-49866

    In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEB... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46785

    In the Linux kernel, the following vulnerability has been resolved: eventfs: Use list_del_rcu() for SRCU protected list variable Chi Zhiling reported: We found a null pointer accessing in tracefs[1], the reason is that the variable 'ei_child' is se... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46783

    In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg() When we cork messages in psock->cork, the last message triggers the flushing will result in sending a sk_msg larger than the current messa... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Nov. 20, 2024

  • 7.5

    HIGH
    CVE-2024-11241

    A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can b... Read more

    Affected Products : job_recruitment
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 4.7

    MEDIUM
    CVE-2024-46787

    In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different w... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Nov. 20, 2024

  • 8.8

    HIGH
    CVE-2024-40638

    GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-52427

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11.... Read more

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52428

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12.... Read more

    Affected Products : ads_booster_by_ads_pro
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-52429

    Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.... Read more

    Affected Products : wp_quick_setup
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
Showing 20 of 291384 Results