Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-51818

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.... Read more

    Affected Products : fancy_product_designer
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-49700

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-49699

    Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-49688

    Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2024-49666

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-49655

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2024-49333

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: fr... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2024-49303

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: fr... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-49300

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: fr... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-32555

    Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-21664

    In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Feb. 02, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-21663

    In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL registe... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21662

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the ta... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-21661

    In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This pre... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21660

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed pa... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-21659

    In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink AP... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-21658

    In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG:... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21657

    In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21656

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) erro... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-57946

    In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue fre... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Race Condition
Showing 20 of 291205 Results