Latest CVE Feed
-
5.5 MEDIUM CVE-2024-53044
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() This command: $ tc qdisc replace dev eth0 ingress_block 1 egress_block 1 clsact Error: block dev insert failed: -E...
Affected Products: linux_kernel
- Published: Nov. 19, 2024
- Modified: Nov. 27, 2024
-
5.5 MEDIUM CVE-2024-53043
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP cor...
Affected Products: linux_kernel
- Published: Nov. 19, 2024
- Modified: Nov. 22, 2024
-
5.5 MEDIUM CVE-2024-53042
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspi...
Affected Products: linux_kernel
- Published: Nov. 19, 2024
- Modified: Nov. 27, 2024
-
5.5 MEDIUM CVE-2024-50304
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL mutex and ip_tunnel_find() is only called from the cont...
Affected Products: linux_kernel
- Published: Nov. 19, 2024
- Modified: Feb. 02, 2025
-
5.5 MEDIUM CVE-2024-50303
In the Linux kernel, the following vulnerability has been resolved: resource,kexec: walk_system_ram_res_rev must retain resource flags walk_system_ram_res_rev() erroneously discards resource flags when passing the information to the callback. This caus...
Affected Products: linux_kernel
- Published: Nov. 19, 2024
- Modified: Nov. 27, 2024
-
7.8 HIGH CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
Affected Products: needrestart
- Published: Nov. 19, 2024
- Modified: Jul. 03, 2025
-
7.8 HIGH CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python inte...
Affected Products: needrestart
- Published: Nov. 19, 2024
- Modified: Jul. 03, 2025
-
7.8 HIGH CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Affected Products: needrestart
- Published: Nov. 19, 2024
- Modified: Jul. 03, 2025
-
9.8 CRITICAL CVE-2024-48072
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClau...
Affected Products: e-cology
- Published: Nov. 19, 2024
- Modified: Jun. 05, 2025
-
9.8 CRITICAL CVE-2024-48070
An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges...
Affected Products: e-cology
- Published: Nov. 19, 2024
- Modified: Jun. 05, 2025
-
9.8 CRITICAL CVE-2024-48069
A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges...
Affected Products: e-cology
- Published: Nov. 19, 2024
- Modified: Jun. 05, 2025
-
10.0 CRITICAL CVE-2024-42450
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By d...
Affected Products: versa_director
- Published: Nov. 19, 2024
- Modified: Nov. 19, 2024
-
7.8 HIGH CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modu...
Affected Products: needrestart
- Published: Nov. 19, 2024
- Modified: Jul. 03, 2025
-
7.8 HIGH CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by pas...
- Published: Nov. 19, 2024
- Modified: Aug. 26, 2025
-
7.8 HIGH CVE-2023-21270
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with...
Affected Products: android
- Published: Nov. 19, 2024
- Modified: Dec. 18, 2024
-
5.4 MEDIUM CVE-2022-47424
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery. This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.
Affected Products:
- Published: Nov. 19, 2024
- Modified: Nov. 19, 2024
-
7.8 HIGH CVE-2018-9338
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi...
Affected Products: android
- Published: Nov. 19, 2024
- Modified: Nov. 22, 2024
-
7.8 HIGH CVE-2017-13315
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution...
Affected Products: android
- Published: Nov. 19, 2024
- Modified: Dec. 18, 2024
-
8.0 HIGH CVE-2024-52789
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
- Published: Nov. 19, 2024
- Modified: Apr. 07, 2025
-
8.0 HIGH CVE-2024-52788
Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
- Published: Nov. 19, 2024
- Modified: Apr. 07, 2025