Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2024-53136

    In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when acc... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024

  • 6.5

    MEDIUM
    CVE-2024-53135

    In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via gu... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-53134

    In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 7.8

    HIGH
    CVE-2024-53133

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. T... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-53132

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection ... <4> [953.587090] ?... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-53131

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that oc... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-53130

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-53129

    In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plan... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-53128

    In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrec... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2024-53127

    In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, ev... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024

  • 7.8

    HIGH
    CVE-2024-53126

    In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() n... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 5.4

    MEDIUM
    CVE-2024-40745

    Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.... Read more

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-40744

    Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.... Read more

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025

  • 2.3

    LOW
    CVE-2024-12056

    The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requ... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-7488

    Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1.  NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 0.0

    NA
    CVE-2024-53125

    In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 19, 2024

  • 8.8

    HIGH
    CVE-2024-51465

    IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.... Read more

    • Published: Dec. 04, 2024
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-12138

    A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to d... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-11935

    The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8962

    The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possi... Read more

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
Showing 20 of 291946 Results