Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-38415

    Memory corruption while handling session errors from firmware.... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2024-38410

    Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2024-38409

    Memory corruption while station LL statistic handling.... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2024-38407

    Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2024-33033

    Memory corruption while processing IOCTL calls to unmap the buffers.... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2022-48996

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() Commit da87878010e5 ("mm/damon/sysfs: support online inputs update") made 'damon_sysf... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2022-48991

    In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs (like KVM) don't keep ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 4.7

    MEDIUM
    CVE-2022-48985

    In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2024-49968

    In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold featu... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2024-50004

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2024-50005

    In the Linux kernel, the following vulnerability has been resolved: mac802154: Fix potential RCU dereference issue in mac802154_scan_worker In the `mac802154_scan_worker` function, the `scan_req->type` field was accessed after the RCU read-side critical... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2024-49961

    In the Linux kernel, the following vulnerability has been resolved: media: i2c: ar0521: Use cansleep version of gpiod_set_value() If we use GPIO reset from I2C port expander, we must use *_cansleep() variant of GPIO functions. This was not done in ar052... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2024-49964

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages if the pages were not already faulted in, because the fo... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2024-49954

    In the Linux kernel, the following vulnerability has been resolved: static_call: Replace pointless WARN_ON() in static_call_module_notify() static_call_module_notify() triggers a WARN_ON(), when memory allocation fails in __static_call_add_module(). Th... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 5.5

    MEDIUM
    CVE-2024-49953

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. When xfrm_state_check_expire() is called, the state can be reset... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 6.1

    MEDIUM
    CVE-2023-28149

    An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables.... Read more

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Nov. 07, 2024

  • 9.1

    CRITICAL
    CVE-2024-49768

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default... Read more

    Affected Products : waitress
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 8.7

    HIGH
    CVE-2024-48921

    Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. A... Read more

    Affected Products : kyverno
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 3.8

    LOW
    CVE-2024-10228

    The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in V... Read more

    Affected Products : vagrant vagrant_vmware_utility
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 7.1

    HIGH
    CVE-2024-10750

    A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads ... Read more

    Affected Products : i22_firmware i22
    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024
Showing 20 of 291162 Results