Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-56776

    In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the fai... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56775

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane cha... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-56774

    In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree ro... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-56773

    In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NU... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56772

    In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in the kunit_suite_for_each_test_case() loop, the "suite->log =... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-56771

    In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N02JW all require a single bit of ECC strength and thus fe... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-51442

    Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2023-35685

    In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Jan. 08, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-20168

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20167

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20166

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-56770

    In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its c... Read more

    Affected Products : linux_kernel
    • Published: Jan. 08, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-55459

    An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.... Read more

    Affected Products : keras
    • Published: Jan. 08, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-13187

    A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch... Read more

    Affected Products : wps_office
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22137

    Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive sy... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-22136

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create poten... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-22130

    Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositori... Read more

    Affected Products : soft_serve
    • Published: Jan. 08, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-20126

    A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affecte... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-20123

    Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These... Read more

    Affected Products : crosswork_network_controller
    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-55656

    RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to ... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293418 Results