Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2024-34654

    Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 2.4

    LOW
    CVE-2024-34649

    Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 4.0

    MEDIUM
    CVE-2024-34650

    Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 6.2

    MEDIUM
    CVE-2024-34651

    Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 4.0

    MEDIUM
    CVE-2024-34652

    Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 4.3

    MEDIUM
    CVE-2024-34661

    Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : samsung_assistant assistant
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-44971

    In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-44981

    In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android: | Internal... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 7.8

    HIGH
    CVE-2024-44986

    In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock()... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 7.8

    HIGH
    CVE-2024-44987

    In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_loc... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-44936

    In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper") reworked the driver to use devm. While at it,... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 7.8

    HIGH
    CVE-2024-7834

    A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with... Read more

    Affected Products : overwolf
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-42307

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() er... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2022-48877

    In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c sp : ffffffc010cb... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 05, 2024

  • 6.3

    MEDIUM
    CVE-2024-8462

    A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of ex... Read more

    Affected Products :
    • Published: Sep. 05, 2024
    • Modified: Sep. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-8289

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and cre... Read more

    Affected Products : multivendorx
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-8413

    Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerabilit... Read more

    Affected Products : raspcontrol
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 8.0

    HIGH
    CVE-2024-44383

    WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.... Read more

    Affected Products : fbm-291w_firmware fbm-291w
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-42288

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-42289

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command arr... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 05, 2024
Showing 20 of 290213 Results