Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2024-57934

    In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops. The loop checks if an elem... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2024-57933

    In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, di... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-57932

    In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback s... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2024-57931

    In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can b... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 0.0

    NA
    CVE-2024-57930

    In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and t... Read more

    Affected Products : linux_kernel
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-0450

    The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. Thi... Read more

    Affected Products : betheme
    • Published: Jan. 21, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-52973

    An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.... Read more

    Affected Products : kibana
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-43709

    An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Jan. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-37284

    Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it fr... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2024-13444

    The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update set... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2024-13230

    The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the ... Read more

    Affected Products : super_socializer
    • Published: Jan. 21, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-11226

    The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for a... Read more

    Affected Products : firecask_like_\&_share_button
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-23184

    A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it appl... Read more

    Affected Products : cxf
    • Published: Jan. 21, 2025
    • Modified: Feb. 15, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-6466

    NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via network with X-FRAME-OPTIONS is not specified.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-13404

    The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthent... Read more

    Affected Products : link_library
    • Published: Jan. 21, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-12104

    The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and incl... Read more

    • Published: Jan. 21, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-12005

    The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page() function. This makes it possible for unauthenti... Read more

    Affected Products : wp-bibtex wp-bibtex
    • Published: Jan. 21, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-0371

    The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi... Read more

    Affected Products : jetelements
    • Published: Jan. 21, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-10936

    The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated at... Read more

    Affected Products : string_locator
    • Published: Jan. 21, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-23086

    On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in ... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291193 Results