Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-45026

    In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processin...

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-45028

    In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL derefere...

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-45029

    In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bu...

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-45030

    In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload corruption on TX. An...

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-46672

    In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA d...

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 8.4

    HIGH
    CVE-2024-5760

    The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018....

    Affected Products : windows universal_print_driver
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 7.0

    HIGH
    CVE-2024-7312

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from...

    Affected Products : payara
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 8.8

    HIGH
    CVE-2024-8709

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is...

    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 8.8

    HIGH
    CVE-2024-8710

    A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argumen...

    Affected Products : inventory_management
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 7.5

    HIGH
    CVE-2024-8711

    A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information thro...

    Affected Products : food_ordering_management_system
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6017

    The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6018

    The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 6.1

    MEDIUM
    CVE-2024-6019

    The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

    Affected Products : music_request_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 10.0

    CRITICAL
    CVE-2024-8522

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on...

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 10.0

    CRITICAL
    CVE-2024-8529

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping ...

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-6700

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-6701

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.2

    MEDIUM
    CVE-2024-6702

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage....

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.4

    MEDIUM
    CVE-2020-24061

    Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script...

    Affected Products : kw5515_firmware kw5515
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 7.6

    HIGH
    CVE-2024-43966

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1....

    Affected Products : wp_testimonial_widget
    • Published: Aug. 26, 2024
    • Modified: Sep. 13, 2024
Showing 20 of 292812 Results