Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-12272

    The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets. This makes it possible for a... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 4.3

    MEDIUM
    CVE-2024-12190

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit ... Read more

    Affected Products : contact_form_builder
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-12032

    The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all ver... Read more

    Affected Products : tourfic tourfic
    • Published: Dec. 25, 2024
    • Modified: Jun. 05, 2025

  • 6.7

    MEDIUM
    CVE-2022-21505

    In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure B... Read more

    Affected Products : linux
    • Published: Dec. 24, 2024
    • Modified: Jun. 18, 2025

  • 8.2

    HIGH
    CVE-2019-2483

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows... Read more

    Affected Products : istore
    • Published: Dec. 24, 2024
    • Modified: Jun. 23, 2025

  • 8.6

    HIGH
    CVE-2024-12746

    A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver ver... Read more

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 26, 2024

  • 8.6

    HIGH
    CVE-2024-12745

    A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver versi... Read more

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 26, 2024

  • 8.6

    HIGH
    CVE-2024-12744

    A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30... Read more

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 26, 2024

  • 5.5

    MEDIUM
    CVE-2024-53163

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Mar. 06, 2025

  • 7.1

    HIGH
    CVE-2024-53162

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Mar. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-53161

    In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ct... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Feb. 03, 2025

  • 0.0

    NA
    CVE-2024-53160

    In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() fun... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 0.0

    NA
    CVE-2024-53158

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53157

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025

  • 7.8

    HIGH
    CVE-2024-53156

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025

  • 7.1

    HIGH
    CVE-2024-53155

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_it... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-53154

    In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025

  • 0.0

    NA
    CVE-2024-53153

    In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify()... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 0.0

    NA
    CVE-2024-53152

    In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_no... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53151

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the fo... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2024
    • Modified: Jan. 07, 2025
Showing 20 of 293414 Results