Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2024-22185

    Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.7

    MEDIUM
    CVE-2024-21853

    Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 8.3

    HIGH
    CVE-2024-21850

    Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : tdx_module_software
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 8.5

    HIGH
    CVE-2024-21820

    Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 4.2

    MEDIUM
    CVE-2024-21808

    Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 7.1

    HIGH
    CVE-2024-21799

    Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 4.8

    MEDIUM
    CVE-2024-21783

    Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-11193

    An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potential... Read more

    Affected Products : yugabytedb
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-42834

    A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName p... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-40443

    SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php... Read more

    • Published: Nov. 13, 2024
    • Modified: Apr. 16, 2025

  • 4.8

    MEDIUM
    CVE-2023-38920

    Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.... Read more

    Affected Products : cyber_cafe_management_system
    • Published: Nov. 13, 2024
    • Modified: Mar. 27, 2025

  • 5.3

    MEDIUM
    CVE-2024-49379

    Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the ... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2024-43093

    In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no a... Read more

    Affected Products : android
    • Actively Exploited
    • Published: Nov. 13, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-43091

    In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 5.0

    MEDIUM
    CVE-2024-43090

    In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-43089

    In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-43088

    In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries wit... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-43087

    In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-43086

    In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2024-43085

    In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privilege... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024
Showing 20 of 291728 Results