Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-53554

    A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 26, 2024

  • 5.5

    MEDIUM
    CVE-2024-53101

    In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Dec. 19, 2024

  • 4.7

    MEDIUM
    CVE-2024-53100

    In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->q... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Dec. 24, 2024

  • 7.1

    HIGH
    CVE-2024-53099

    In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-b... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Jan. 09, 2025

  • 7.8

    HIGH
    CVE-2024-53098

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry pic... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53097

    In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes M... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Dec. 24, 2024

  • 7.8

    HIGH
    CVE-2024-53096

    In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise an... Read more

    Affected Products : linux_kernel
    • Published: Nov. 25, 2024
    • Modified: Jan. 07, 2025

  • 6.1

    MEDIUM
    CVE-2024-53556

    An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-50672

    A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation o... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 27, 2024

  • 4.3

    MEDIUM
    CVE-2024-50671

    Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where ... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024

  • 8.8

    HIGH
    CVE-2024-53268

    Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain... Read more

    Affected Products : joplin
    • Published: Nov. 25, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-53262

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Aug. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-53261

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scr... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Aug. 28, 2025

  • 7.1

    HIGH
    CVE-2024-53258

    Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions fea... Read more

    Affected Products : autolab
    • Published: Nov. 25, 2024
    • Modified: Apr. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-53599

    A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-53255

    BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in ... Read more

    Affected Products : boidcms
    • Published: Nov. 25, 2024
    • Modified: May. 07, 2025

  • 8.2

    HIGH
    CVE-2024-52811

    The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.8

    MEDIUM
    CVE-2024-52529

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a sp... Read more

    Affected Products : cilium
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 4.6

    MEDIUM
    CVE-2024-51723

    A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.... Read more

    Affected Products : athoc
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-32468

    Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScr... Read more

    Affected Products : deno
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
Showing 20 of 291608 Results