Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-37898

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having del... Read more

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024

  • 9.9

    CRITICAL
    CVE-2024-37901

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchS... Read more

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024

  • 9.0

    CRITICAL
    CVE-2024-41947

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of th... Read more

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024

  • 7.5

    HIGH
    CVE-2024-23499

    Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-23907

    Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-23909

    Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-23981

    Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-24986

    Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 8.5

    HIGH
    CVE-2024-25576

    improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.... Read more

    Affected Products : agilex_7_fpga_firmware
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 8.5

    HIGH
    CVE-2024-26022

    Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-26025

    Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : oneapi_base_toolkit advisor
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-26027

    Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : simics_package_manager
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 5.6

    MEDIUM
    CVE-2024-27461

    Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : memory_and_storage_tool_gui
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-28046

    Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : graphics_performance_analyzers
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 5.5

    MEDIUM
    CVE-2024-28050

    Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : iris_xe_graphics arc_a_graphics
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.3

    HIGH
    CVE-2024-28172

    Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.1

    CRITICAL
    CVE-2024-45758

    H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document ... Read more

    Affected Products : h2o
    • Published: Sep. 06, 2024
    • Modified: Sep. 06, 2024

  • 7.3

    HIGH
    CVE-2024-28876

    Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : mpi_library oneapi_hpc_toolkit
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-42783

    Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Sep. 06, 2024

  • 9.1

    CRITICAL
    CVE-2024-45053

    Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Templa... Read more

    Affected Products : fides
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 292386 Results