Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.7

    MEDIUM
    CVE-2024-46704

    In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spurious data race in __flush_work() When flushing a work item for cancellation, __flush_work() knows that it exclusively owns the work item through its PENDING bit. 1348...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.5

    MEDIUM
    CVE-2024-46705

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: reset mmio mappings with devm Set our various mmio mappings to NULL. This should make it easier to catch something rogue trying to mess with mmio after device removal. For examp...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.5

    MEDIUM
    CVE-2024-46707

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulatio...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.5

    MEDIUM
    CVE-2024-46708

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneous 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes ...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.3

    MEDIUM
    CVE-2022-4539

    The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login r...

    Affected Products : web_application_firewall
    • Published: Aug. 31, 2024
    • Modified: Sep. 19, 2024
  • 5.5

    MEDIUM
    CVE-2024-46709

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dma_buf interface instead of trying to access pages directly. External buffers ...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 4.7

    MEDIUM
    CVE-2024-46711

    In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the ...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.5

    MEDIUM
    CVE-2024-46712

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces only make sense if the host renders to them using accelerated APIs. Without 3d the entire content of dumb buffers ...

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-6656

    Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13....

    Affected Products : cockpit
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.8

    MEDIUM
    CVE-2024-45607

    whatsapp-api-js is a TypeScript server-agnostic framework for WhatsApp's Official API. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone us...

    Affected Products : whatsapp-api-js
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024
  • 8.8

    HIGH
    CVE-2024-8533

    A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges....

    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024
  • 9.1

    CRITICAL
    CVE-2024-7960

    The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functi...

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-7961

    A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution....

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-8782

    A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. ...

    Affected Products : jfinalcms
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 8.2

    HIGH
    CVE-2024-5754

    BT: Encryption procedure host vulnerability...

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 6.8

    MEDIUM
    CVE-2024-6258

    BT: Missing length checks of net_buf in rfcomm_handle_data...

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 5.4

    MEDIUM
    CVE-2024-8783

    A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads ...

    Affected Products : myaac
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 8.8

    HIGH
    CVE-2024-8784

    A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] wit...

    Affected Products : smart_school
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-44430

    SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface...

    Affected Products : best_free_law_office_management
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 6.5

    MEDIUM
    CVE-2024-5931

    BT: Unchecked user input in bap_broadcast_assistant...

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
Showing 20 of 290994 Results