Latest CVE Feed
-
6.5 MEDIUM
CVE-2024-52919
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
6.5 MEDIUM
CVE-2024-52918
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.
Affected Products:
- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
6.5 MEDIUM
CVE-2024-52917
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
7.5 HIGH
CVE-2024-52916
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
7.5 HIGH
CVE-2024-52915
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
7.5 HIGH
CVE-2024-52914
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
5.3 MEDIUM
CVE-2024-52913
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
7.5 HIGH
CVE-2024-52912
Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: Apr. 30, 2025
-
5.3 MEDIUM
CVE-2024-38828
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
Affected Products: spring_framework
- Published: Nov. 18, 2024
- Modified: May. 09, 2025
-
7.5 HIGH
CVE-2019-25220
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work b...
Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: May. 22, 2025
-
9.8 CRITICAL
CVE-2015-20111
miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, r...
Affected Products:
- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
6.9 MEDIUM
CVE-2024-11306
A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. Th...
Affected Products:
- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
6.5 MEDIUM
CVE-2024-11305
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql...
Affected Products:
- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
9.8 CRITICAL
CVE-2023-43091
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
Affected Products: gnome-maps
- Published: Nov. 17, 2024
- Modified: Aug. 06, 2025
-
7.7 HIGH
CVE-2024-0793
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
Affected Products: kubernetes
- Published: Nov. 17, 2024
- Modified: Nov. 18, 2024
-
5.5 MEDIUM
CVE-2023-6110
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials.
- Published: Nov. 17, 2024
- Modified: Dec. 05, 2024
-
7.4 HIGH
CVE-2023-4639
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional...
Affected Products: undertow
- Published: Nov. 17, 2024
- Modified: Feb. 07, 2025
-
5.9 MEDIUM
CVE-2023-1419
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized d...
Affected Products:
- Published: Nov. 17, 2024
- Modified: Nov. 18, 2024
-
3.4 LOW
CVE-2023-0657
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside ...
- Published: Nov. 17, 2024
- Modified: Nov. 18, 2024
-
7.5 HIGH
CVE-2020-25720
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. Th...
Affected Products: samba
- Published: Nov. 17, 2024
- Modified: Nov. 18, 2024