Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-55626

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has ... Read more

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-55529

    Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.... Read more

    Affected Products : z-blogphp
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-54880

    SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.... Read more

    Affected Products : seacms
    • Published: Jan. 06, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-54879

    SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.... Read more

    Affected Products : seacms
    • Published: Jan. 06, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-46622

    An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-46073

    A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An at... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-21618

    NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-21615

    AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-21614

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing ... Read more

    Affected Products : go-git
    • Published: Jan. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-21613

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary value... Read more

    Affected Products : go-git
    • Published: Jan. 06, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-56769

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025

  • 5.5

    MEDIUM
    CVE-2024-56768

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavai... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-56767

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the le... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56766

    In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56765

    In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during mi... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56764

    In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when e... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-56763

    In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025

  • 5.5

    MEDIUM
    CVE-2024-56761

    In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-56760

    In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CP... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-56759

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and p... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293546 Results