Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-48902

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to complain loudly if we're operating on an non-uptodate p... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48903

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/b... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-41730

    In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on ... Read more

    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-41733

    In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this kno... Read more

    Affected Products : commerce
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48904

    In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-41735

    SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.... Read more

    Affected Products : commerce_backoffice
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.8

    MEDIUM
    CVE-2024-8155

    A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Ca... Read more

    Affected Products : admin
    • Published: Aug. 25, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-41736

    Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.... Read more

    Affected Products : permit_to_work
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.0

    MEDIUM
    CVE-2024-41737

    SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrit... Read more

    Affected Products : crm_abap_insights_management
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48905

    In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-42376

    SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.... Read more

    Affected Products : shared_service_framework
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-42377

    SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application... Read more

    Affected Products : shared_service_framework
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48906

    In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATA_FIN retransmits caused a shift-out-of-bo... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48908

    In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. the variable 'ci' is required. However, the definition of '... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48909

    In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48907

    In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-39591

    SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.... Read more

    Affected Products : document_builder
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-41734

    Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availa... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2022-48914

    In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-42373

    SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants... Read more

    Affected Products : student_life_cycle_management
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024
Showing 20 of 292787 Results