Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-42392

    Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-42391

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-42390

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-42389

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-42388

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-42387

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 8.2

    HIGH
    CVE-2024-42386

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 7.0

    HIGH
    CVE-2024-42385

    Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-42384

    Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-42383

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 7.1

    HIGH
    CVE-2024-41974

    A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41973

    A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-41972

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41971

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2024-41970

    A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2023-39180

    A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installation... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39179

    A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39176

    A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An at... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 8.9

    HIGH
    CVE-2024-48962

    Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users ... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025
Showing 20 of 291712 Results