Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-49953

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. When xfrm_state_check_expire() is called, the state can be reset... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 6.1

    MEDIUM
    CVE-2023-28149

    An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables.... Read more

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Nov. 07, 2024

  • 9.1

    CRITICAL
    CVE-2024-49768

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default... Read more

    Affected Products : waitress
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 8.7

    HIGH
    CVE-2024-48921

    Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. A... Read more

    Affected Products : kyverno
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 3.8

    LOW
    CVE-2024-10228

    The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in V... Read more

    Affected Products : vagrant vagrant_vmware_utility
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 7.1

    HIGH
    CVE-2024-10750

    A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads ... Read more

    Affected Products : i22_firmware i22
    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 8.8

    HIGH
    CVE-2024-10805

    A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initi... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 07, 2024

  • 7.8

    HIGH
    CVE-2022-48998

    In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests test_bpf tail call tests end up as: test_bpf: #0 Tail call leaf jited:1 85 PASS test_bpf: #1 Tail call 2 jited:1 111 PASS test_bpf: #2... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 4.7

    MEDIUM
    CVE-2022-48997

    In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpm_pm_suspend with locks Currently tpm transactions are executed unconditionally in tpm_pm_suspend() function, which may lead to races with other tpm accessors in th... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 8.8

    HIGH
    CVE-2024-10711

    The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unau... Read more

    Affected Products : woocommerce_report
    • Published: Nov. 05, 2024
    • Modified: Nov. 07, 2024

  • 6.2

    MEDIUM
    CVE-2024-51512

    Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 05, 2024
    • Modified: Nov. 07, 2024

  • 6.2

    MEDIUM
    CVE-2024-51511

    Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 05, 2024
    • Modified: Nov. 07, 2024

  • 7.6

    HIGH
    CVE-2024-51510

    Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Nov. 05, 2024
    • Modified: Nov. 07, 2024

  • 8.8

    HIGH
    CVE-2024-50456

    Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.... Read more

    Affected Products : seopress
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 8.8

    HIGH
    CVE-2024-50455

    Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.... Read more

    Affected Products : seopress
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-9989

    The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. ... Read more

    Affected Products : crypto_tool
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-9988

    The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for... Read more

    Affected Products : crypto_tool
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 7.4

    HIGH
    CVE-2024-6245

    Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue aff... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Nov. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-8305

    prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions pr... Read more

    Affected Products : mongodb
    • Published: Oct. 21, 2024
    • Modified: Nov. 07, 2024

  • 6.1

    MEDIUM
    CVE-2024-10503

    A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be ... Read more

    Affected Products : maptiler_tileserver_gl
    • Published: Oct. 30, 2024
    • Modified: Nov. 07, 2024
Showing 20 of 291205 Results