Latest CVE Feed
-
4.2
MEDIUM CVE-2024-10978
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The pro...
- Published: Nov. 14, 2024
- Modified: Feb. 20, 2025
-
3.7
LOW CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h...
- Affected Products: postgresql
- Published: Nov. 14, 2024
- Modified: Feb. 20, 2025
-
5.4
MEDIUM CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases ...
- Affected Products: postgresql
- Published: Nov. 14, 2024
- Modified: May. 09, 2025
-
7.8
HIGH CVE-2024-7730
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds...
- Affected Products: qemu
- Published: Nov. 14, 2024
- Modified: Aug. 05, 2025
-
8.1
HIGH CVE-2024-45670
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism....
- Affected Products: soar
- Published: Nov. 14, 2024
- Modified: Nov. 16, 2024
-
5.3
MEDIUM CVE-2024-45642
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
- Published: Nov. 14, 2024
- Modified: Nov. 16, 2024
-
4.8
MEDIUM CVE-2024-45099
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
- Published: Nov. 14, 2024
- Modified: Nov. 16, 2024
-
6.0
MEDIUM CVE-2024-3447
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to cr...
- Published: Nov. 14, 2024
- Modified: Aug. 05, 2025
-
7.5
HIGH CVE-2023-4458
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi...
- Affected Products: linux_kernel
- Published: Nov. 14, 2024
- Modified: Aug. 19, 2025
-
7.4
HIGH CVE-2022-31671
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authent...
- Affected Products: harbor
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGH CVE-2022-31670
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker cou...
- Affected Products: harbor
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGH CVE-2022-31669
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attack...
- Affected Products: harbor
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGH CVE-2022-31668
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could mod...
- Affected Products: harbor
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
6.4
MEDIUM CVE-2022-31667
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and...
- Affected Products: harbor
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
7.7
HIGH CVE-2022-31666
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects....
- Affected Products: harbor
- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
8.8
HIGH CVE-2024-9693
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluste...
- Affected Products: gitlab
- Published: Nov. 14, 2024
- Modified: Nov. 26, 2024
-
5.4
MEDIUM CVE-2024-8180
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled....
- Affected Products: gitlab
- Published: Nov. 14, 2024
- Modified: Dec. 13, 2024
-
9.8
CRITICAL CVE-2024-10571
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary ...
- Affected Products: chartify
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
5.5
MEDIUM CVE-2023-4134
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system...
- Published: Nov. 14, 2024
- Modified: Nov. 18, 2024
-
8.7
HIGH CVE-2024-9472
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specif...
- Affected Products: pan-os
- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024