Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2024-39808

    Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Con... Read more

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-23906

    Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: ... Read more

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-24972

    Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnos... Read more

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-44844

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2023-52893

    In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars ca... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-44845

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6852

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.7

    MEDIUM
    CVE-2022-48899

    In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the o... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6853

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6855

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-6856

    The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 5.4

    MEDIUM
    CVE-2024-6859

    The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.7

    MEDIUM
    CVE-2022-48898

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-6924

    The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more

    Affected Products : truebooker
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.3

    MEDIUM
    CVE-2024-6925

    The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : truebooker
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2022-48897

    In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for invalid pmd The page table check trigger BUG_ON() unexpectedly when split hugepage: ------------[ cut here ]------------ kernel BUG at mm/p... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-8570

    A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attac... Read more

    Affected Products : tailoring_management_system
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2022-48896

    In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrem... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024

  • 5.3

    MEDIUM
    CVE-2024-8571

    A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure throug... Read more

    Affected Products : roll_cms
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2022-48895

    In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024
Showing 20 of 292387 Results