Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-56758

    In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different th...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Race Condition
  • 5.5

    MEDIUM
    CVE-2024-56757

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claims a special usb intr interface for ISO data transmission. The interface needs to be released before un...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-55605

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercas...

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025
    • Vuln Type: Denial of Service
  • 3.1

    LOW
    CVE-2024-51472

    IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensiti...

    Affected Products : urbancode_deploy devops_deploy
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2024-47475

    Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service....

    Affected Products : powerscale_onefs
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Denial of Service
  • 7.2

    HIGH
    CVE-2023-6605

    A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs....

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.3

    MEDIUM
    CVE-2023-6604

    A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format ...

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service
  • 4.7

    MEDIUM
    CVE-2023-6601

    A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions....

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration
  • 8.6

    HIGH
    CVE-2025-21612

    TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2...

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-21611

    tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access t...

    Affected Products : tgstation-server
    • Published: Jan. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 6.9

    MEDIUM
    CVE-2025-21604

    LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0....

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Cryptography
  • 6.1

    MEDIUM
    CVE-2024-51112

    Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script...

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration
  • 4.1

    MEDIUM
    CVE-2024-51111

    Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser....

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2024-31914

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func...

    • Published: Jan. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2024-31913

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func...

    Affected Products : sterling_b2b_integrator
    • Published: Jan. 06, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-8474

    OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

    Affected Products : connect
    • Published: Jan. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2024-5594

    OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs....

    Affected Products : openvpn
    • Published: Jan. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure
  • 3.9

    LOW
    CVE-2024-12970

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2....

    Affected Products : liderahenk parduslinux
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2024-45559

    Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend....

    • Published: Jan. 06, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-45558

    Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length....

    • Published: Jan. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service