Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-40671

    In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-40661

    In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User i... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-40660

    In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-34747

    In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-34729

    In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-34719

    In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 8.4

    HIGH
    CVE-2024-31337

    In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 7.8

    HIGH
    CVE-2024-23715

    In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Nov. 20, 2024

  • 7.8

    HIGH
    CVE-2023-35686

    In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Nov. 20, 2024

  • 7.8

    HIGH
    CVE-2023-35659

    In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Nov. 20, 2024

  • 5.1

    MEDIUM
    CVE-2024-9476

    A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will onl... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2024-9413

    The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 27, 2024

  • 7.7

    HIGH
    CVE-2024-52292

    Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-e... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 8.4

    HIGH
    CVE-2024-52291

    Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the ... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-51996

    Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the co... Read more

    Affected Products : symfony
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 7.7

    HIGH
    CVE-2024-45594

    Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.... Read more

    Affected Products : decidim
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-8049

    In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process un... Read more

    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.1

    HIGH
    CVE-2024-7295

    In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.... Read more

    Affected Products : telerik_report_server
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-52306

    FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.... Read more

    Affected Products : filemanager
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52305

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can ... Read more

    Affected Products : unopim
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291783 Results