Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-0109

    NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which coul... Read more

    Affected Products : cuda_toolkit
    • Published: Aug. 31, 2024
    • Modified: Sep. 18, 2024

  • 7.8

    HIGH
    CVE-2024-0110

    NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.... Read more

    Affected Products : cuda_toolkit
    • Published: Aug. 31, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-38018

    Microsoft SharePoint Server Remote Code Execution Vulnerability... Read more

    Affected Products : sharepoint_server
    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 8.1

    HIGH
    CVE-2024-38045

    Windows TCP/IP Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 7.8

    HIGH
    CVE-2024-38046

    PowerShell Elevation of Privilege Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-43482

    Microsoft Outlook for iOS Information Disclosure Vulnerability... Read more

    Affected Products : outlook
    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-43487

    Windows Mark of the Web Security Feature Bypass Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 7.8

    HIGH
    CVE-2024-43492

    Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability... Read more

    Affected Products : autoupdate
    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 7.3

    HIGH
    CVE-2024-43495

    Windows libarchive Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 18, 2024

  • 7.8

    HIGH
    CVE-2024-44093

    In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Sep. 13, 2024
    • Modified: Sep. 18, 2024

  • 7.8

    HIGH
    CVE-2024-44094

    In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Sep. 13, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    HIGH
    CVE-2024-2800

    ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Sep. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-4207

    A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be m... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-7965

    Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Actively Exploited
    • Published: Aug. 21, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-7557

    A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credenti... Read more

    Affected Products : openshift_data_science openshift_ai
    • Published: Aug. 12, 2024
    • Modified: Sep. 18, 2024

  • 4.7

    MEDIUM
    CVE-2024-8120

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otim... Read more

    • Published: Aug. 24, 2024
    • Modified: Sep. 17, 2024

  • 5.9

    MEDIUM
    CVE-2024-43324

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0.... Read more

    Affected Products : clever_addons_for_elementor
    • Published: Aug. 18, 2024
    • Modified: Sep. 17, 2024

  • 7.1

    HIGH
    CVE-2024-43276

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4.... Read more

    Affected Products : child_theme_creator
    • Published: Aug. 18, 2024
    • Modified: Sep. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43329

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7.... Read more

    Affected Products : allegiant
    • Published: Aug. 18, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    HIGH
    CVE-2024-7526

    ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, an... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Aug. 06, 2024
    • Modified: Sep. 17, 2024
Showing 20 of 290994 Results