Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-56765

    In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during mi...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-56764

    In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when e...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2024-56763

    In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it....

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
  • 5.5

    MEDIUM
    CVE-2024-56761

    In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2024-56760

    In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CP...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2024-56759

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and p...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2024-56758

    In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different th...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Race Condition
  • 5.5

    MEDIUM
    CVE-2024-56757

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before un...

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-55605

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercas...

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025
    • Vuln Type: Denial of Service
  • 3.1

    LOW
    CVE-2024-51472

    IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensiti...

    Affected Products : urbancode_deploy devops_deploy
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2024-47475

    Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service....

    Affected Products : powerscale_onefs
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Denial of Service
  • 7.2

    HIGH
    CVE-2023-6605

    A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs....

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.3

    MEDIUM
    CVE-2023-6604

    A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format ...

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service
  • 4.7

    MEDIUM
    CVE-2023-6601

    A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions....

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration
  • 8.6

    HIGH
    CVE-2025-21612

    TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2...

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-21611

    tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access t...

    Affected Products : tgstation-server
    • Published: Jan. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 6.9

    MEDIUM
    CVE-2025-21604

    LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0....

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Cryptography
  • 6.1

    MEDIUM
    CVE-2024-51112

    Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script...

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration
  • 4.1

    MEDIUM
    CVE-2024-51111

    Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser....

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2024-31914

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func...

    • Published: Jan. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293592 Results