Latest CVE Feed
- CVE-2024-42270 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0] The problem is that ipta...
  Affected Products: linux_kernel
  Published: Aug. 17, 2024
  Modified: Aug. 19, 2024
- CVE-2024-7545 (7.8 HIGH)
  oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target...
  Affected Products: ofono
  Published: Aug. 06, 2024
  Modified: Aug. 19, 2024
- CVE-2024-7544 (7.8 HIGH)
  oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target...
  Affected Products: ofono
  Published: Aug. 06, 2024
  Modified: Aug. 19, 2024
- CVE-2024-7543 (7.8 HIGH)
  oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target...
  Affected Products: ofono
  Published: Aug. 06, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42283 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be obs...
  Affected Products: linux_kernel
  Published: Aug. 17, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42282 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev() to mtk_remove(). Previously, if alloc_ne...
  Affected Products: linux_kernel
  Published: Aug. 17, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42284 (7.8 HIGH)
  In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access c...
  Affected Products: linux_kernel
  Published: Aug. 17, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42285 (7.8 HIGH)
  In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows:...
  Affected Products: linux_kernel
  Published: Aug. 17, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42294 (5.5 MEDIUM)
  In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release Our test report the following hung task: [ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.459427] ...
  Affected Products: linux_kernel
  Published: Aug. 17, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42843 (9.8 CRITICAL)
  Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php....
  Affected Products: online_examination_system
  Published: Aug. 15, 2024
  Modified: Aug. 19, 2024
- CVE-2024-42681 (8.8 HIGH)
  Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component....
  Affected Products: xxl-job
  Published: Aug. 15, 2024
  Modified: Aug. 19, 2024
- CVE-2023-24064 (6.8 MEDIUM)
  Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk....
  Affected Products: vynamic_security_suite
  Published: Aug. 08, 2024
  Modified: Aug. 19, 2024
- CVE-2023-28865 (6.6 MEDIUM)
  Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. ...
  Affected Products: vynamic_security_suite
  Published: Aug. 08, 2024
  Modified: Aug. 19, 2024
- CVE-2023-33206 (7.5 HIGH)
  Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to mani...
  Affected Products: vynamic_security_suite
  Published: Aug. 08, 2024
  Modified: Aug. 19, 2024
- CVE-2024-20789 (7.8 HIGH)
  Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici...
  Affected Products: dimension
  Published: Aug. 14, 2024
  Modified: Aug. 19, 2024
- CVE-2024-20790 (5.5 MEDIUM)
  Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requi...
  Affected Products: dimension
  Published: Aug. 14, 2024
  Modified: Aug. 19, 2024
- CVE-2024-25157 (6.5 MEDIUM)
  An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure o...
  Affected Products: goanywhere_managed_file_transfer
  Published: Aug. 14, 2024
  Modified: Aug. 19, 2024
- CVE-2024-34117 (7.8 HIGH)
  Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
  Published: Aug. 14, 2024
  Modified: Aug. 19, 2024
- CVE-2024-34124 (7.8 HIGH)
  Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ...
  Affected Products: dimension
  Published: Aug. 14, 2024
  Modified: Aug. 19, 2024
- CVE-2024-34125 (5.5 MEDIUM)
  Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requi...
  Affected Products: dimension
  Published: Aug. 14, 2024
  Modified: Aug. 19, 2024