Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-10380

    A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_servic... Read more

    Affected Products : petrol_pump_management
    • Published: Oct. 25, 2024
    • Modified: Nov. 01, 2024

  • 7.8

    HIGH
    CVE-2024-50088

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-50078

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with pro... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-50077

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-50075

    In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virt... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.2

    MEDIUM
    CVE-2024-47969

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-50011

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2022-48986

    In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix gup_pud_range() for dax For dax pud, pud_huge() returns true on x86. So the function works as long as hugetlb is configured. However, dax doesn't depend on hugetlb. Commit 4... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9897

    The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on use... Read more

    Affected Products : twitch_integration
    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2022-48987

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2_bt_timings blanking fields in order to avoid integer overflows when userspace... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-9889

    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level... Read more

    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2023-6243

    The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. ... Read more

    Affected Products : eventon-lite
    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 7.0

    HIGH
    CVE-2022-48988

    In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgro... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-49956

    In the Linux kernel, the following vulnerability has been resolved: gfs2: fix double destroy_workqueue error When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-50003

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD w... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-49943

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be running concurrently with an async queue destroy, therefore dereferen... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-49945

    In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.9

    MEDIUM
    CVE-2023-7279

    A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manip... Read more

    Affected Products : connaisseur connaisseur
    • Published: Sep. 02, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-9793

    A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated r... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: Oct. 10, 2024
    • Modified: Nov. 01, 2024

  • 0.0

    NONE
    CVE-2024-50356

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn'... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 291316 Results