Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-26590

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-dis... Read more

    Affected Products : linux_kernel
    • Published: Feb. 22, 2024
    • Modified: Apr. 22, 2025

  • 6.3

    MEDIUM
    CVE-2024-8243

    The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF atta... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2021-46933

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2024
    • Modified: Apr. 22, 2025

  • 7.3

    HIGH
    CVE-2023-37013

    Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an ... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2023-37014

    Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly cr... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37015

    Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37016

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeated... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37017

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME,... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37018

    Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37019

    Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37020

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly cr... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37021

    Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedl... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37002

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37003

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash th... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37004

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedl... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37005

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37006

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37007

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37008

    Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to ... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2023-37009

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash th... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293973 Results