Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-53859

    go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a ... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.5

    MEDIUM
    CVE-2024-53858

    The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vu... Read more

    Affected Products : cli
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.8

    MEDIUM
    CVE-2024-53260

    Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name... Read more

    Affected Products : autolab
    • Published: Nov. 27, 2024
    • Modified: Apr. 21, 2025

  • 6.5

    MEDIUM
    CVE-2018-9350

    In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9349

    In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2017-13323

    In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.2

    MEDIUM
    CVE-2017-13321

    In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution priv... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2017-13320

    In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2017-13319

    In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. Use... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2017-13316

    In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 1.9

    LOW
    CVE-2024-53855

    Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can ... Read more

    Affected Products : centurion_erp
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 5.1

    MEDIUM
    CVE-2024-53264

    bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loadi... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 7.5

    HIGH
    CVE-2024-47181

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementation... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-41126

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-41125

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 8.7

    HIGH
    CVE-2023-29001

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this pro... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-9369

    Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-7025

    Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-54004

    Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.... Read more

    Affected Products : filesystem_list_parameter
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-54003

    Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 291573 Results