Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2023-6055

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the E... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6056

    A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without ... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10055

    The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and o... Read more

    Affected Products : click_to_chat
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 7.3

    HIGH
    CVE-2024-10078

    The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated ... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-10079

    The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated att... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10080

    The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-49570

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in t... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9452

    The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w... Read more

    Affected Products : branding
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 4.7

    MEDIUM
    CVE-2024-49859

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atom... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 7.8

    HIGH
    CVE-2024-47676

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 7.0

    HIGH
    CVE-2024-49855

    In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued reque... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-49850

    In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47752

    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-43611

    Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47746

    In the Linux kernel, the following vulnerability has been resolved: fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set This may be a typo. The comment has said shared locks are not allowed when this bit is set. If using shared lock, the wait in `... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6058

    A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the pr... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-49857

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 4.8

    MEDIUM
    CVE-2024-9892

    The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : add_widget_after_content
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47743

    In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but then h... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47744

    In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and SRCU ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 291562 Results