Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2024-57844

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57841

    In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will return without free the dst memory, which allocated in af_ops->route_... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57802

    In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ========================... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-57801

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed w... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-57795

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The followi... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-54031

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle ker... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-53681

    In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-39282

    In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main threa... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-36476

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-13215

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica... Read more

    Affected Products : elementor_addon_elements
    • Published: Jan. 15, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-11029

    A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator pass... Read more

    Affected Products : enterprise_linux
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2024-12593

    The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output es... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-11851

    The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated... Read more

    Affected Products : nitropack
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-11848

    The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenti... Read more

    Affected Products : nitropack
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-0448

    Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2025-0447

    Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-0446

    Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-0443

    Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Mediu... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-0442

    Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-0441

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291293 Results