Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-44965

    In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-44966

    In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format w... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-7950

    The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions c... Read more

    Affected Products : wp_job_portal
    • Published: Sep. 04, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-5053

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up ... Read more

    Affected Products : contact_form
    • Published: Sep. 01, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-7418

    The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This mak... Read more

    Affected Products : the_post_grid
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-46851

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipe context passed to dcn10_set_drr() is... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-6551

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. Thi... Read more

    Affected Products : givewp
    • Published: Aug. 29, 2024
    • Modified: Oct. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-46850

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipe context passed to dcn35_set_drr() is... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-46848

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-8454

    The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the se... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 4.9

    MEDIUM
    CVE-2024-8453

    Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-8452

    Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-8451

    Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate us... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8450

    Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 6.8

    MEDIUM
    CVE-2024-8449

    Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 8.8

    HIGH
    CVE-2024-8448

    Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 8.1

    HIGH
    CVE-2024-8455

    The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized rem... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 4.8

    MEDIUM
    CVE-2024-8457

    Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack.... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8456

    Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of ... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 8.8

    HIGH
    CVE-2024-8458

    Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the us... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 291162 Results