Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2024-43875

    In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 v... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43867

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of cal... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43879

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2022-48883

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx queues when creating an interface via netlink. This doesn't... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 6.3

    MEDIUM
    CVE-2024-43408

    Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 4.4

    MEDIUM
    CVE-2024-6322

    Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific data... Read more

    Affected Products : grafana
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5880

    The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-42363

    Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43865

    In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state() With the recent rewrite of the fpu code exception handling for the lfpc instruction within load_fpu_state() was erroneously remov... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-43403

    Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created Clust... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-6568

    The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This ... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 7.2

    HIGH
    CVE-2024-7134

    The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 7.8

    HIGH
    CVE-2024-7013

    Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43877

    In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which will cause out of b... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43869

    In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() direc... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43864

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a n... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43870

    In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while a... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7919

    A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulati... Read more

    Affected Products : jielink\+_jsotc2016
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-23729

    The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component.... Read more

    Affected Products : internet_browser
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 8.4

    HIGH
    CVE-2024-44067

    The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024
Showing 20 of 291398 Results