Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-30963

    Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 06, 2024

  • 7.8

    HIGH
    CVE-2024-30962

    Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process... Read more

    • Published: Dec. 05, 2024
    • Modified: Jan. 09, 2025

  • 7.8

    HIGH
    CVE-2024-30961

    Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator.... Read more

    • Published: Dec. 05, 2024
    • Modified: Dec. 18, 2024

  • 6.7

    MEDIUM
    CVE-2018-9391

    In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 6.7

    MEDIUM
    CVE-2018-9390

    In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2018-9388

    In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 6.7

    MEDIUM
    CVE-2018-9386

    In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 2.1

    LOW
    CVE-2024-54140

    sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 5.4

    MEDIUM
    CVE-2024-53457

    A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.... Read more

    Affected Products : librenms
    • Published: Dec. 05, 2024
    • Modified: Apr. 07, 2025

  • 6.7

    MEDIUM
    CVE-2017-13308

    In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 7.5

    HIGH
    CVE-2024-53523

    JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024

  • 8.4

    HIGH
    CVE-2024-53589

    GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-53442

    whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-41579

    DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024

  • 8.7

    HIGH
    CVE-2024-11148

    In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.... Read more

    Affected Products : openbsd openbsd
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 5.0

    MEDIUM
    CVE-2024-10933

    In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.... Read more

    Affected Products : openbsd openbsd
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.1

    CRITICAL
    CVE-2023-50913

    Oxide control plane software before 5 allows SSRF.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2023-48010

    STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access t... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-12235

    A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 8.5

    HIGH
    CVE-2024-12130

    An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor c... Read more

    Affected Products : arena arena_simulation
    • Published: Dec. 05, 2024
    • Modified: Dec. 17, 2024
Showing 20 of 291918 Results