Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2024-57885

    In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-57884

    In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(p... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2024-57883

    In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectly through try_get_folio() by caller such as split_huge_pages. In huge_pmd_unshare(), w... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57882

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-57857

    In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Mar. 24, 2025

  • 0.0

    NA
    CVE-2024-57844

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57841

    In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will return without free the dst memory, which allocated in af_ops->route_... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57802

    In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ========================... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-57801

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed w... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-57795

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The followi... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-54031

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle ker... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-53681

    In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2024-39282

    In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main threa... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-36476

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-13215

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica... Read more

    Affected Products : elementor_addon_elements
    • Published: Jan. 15, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-11029

    A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator pass... Read more

    Affected Products : enterprise_linux
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2024-12593

    The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output es... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-11851

    The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated... Read more

    Affected Products : nitropack
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-11848

    The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenti... Read more

    Affected Products : nitropack
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-0448

    Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
Showing 20 of 291358 Results