Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2024-47685

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-47683

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-47682

    In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Ff the device returns page 0xb1 with length 8 (happens with qemu v2.x, for example), sd_read_block_characteristics() ma... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-47680

    In the Linux kernel, the following vulnerability has been resolved: f2fs: check discard support for conventional zones As the helper function f2fs_bdev_support_discard() shows, f2fs checks if the target block devices support discard by calling bdev_max_... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-47679

    In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between evice_inodes() and find_inode()&iput() Hi, all Recently I noticed a bug[1] in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a ... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-47678

    In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_al... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-47675

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's with... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 7.6

    CVSS31
    CVE-2024-47328

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    CVSS31
    CVE-2024-43945

    Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    CVSS31
    CVE-2024-10202

    Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 7.5

    CVSS31
    CVE-2024-10200

    Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    CVSS31
    CVE-2024-10201

    Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-48930

    secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, howev... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    CVSS31
    CVE-2024-8305

    prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions pr... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 8.2

    CVSS31
    CVE-2024-6519

    A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-45309

    OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49862

    In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi() The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to p... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49861

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BP... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49860

    In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49858

    In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service i... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024
Showing 20 of 519 Results