Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-50187

    In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Stop the active perfmon before being destroyed Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perf... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 27, 2024

  • 7.8

    HIGH
    CVE-2024-50186

    In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b ("net: do not leave a dangling sk pointer, when... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Dec. 09, 2024

  • 5.5

    MEDIUM
    CVE-2024-50185

    In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to av... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Dec. 09, 2024

  • 5.5

    MEDIUM
    CVE-2024-50184

    In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Dec. 09, 2024

  • 4.7

    MEDIUM
    CVE-2024-50183

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn d... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Dec. 09, 2024

  • 5.5

    MEDIUM
    CVE-2024-50182

    In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configur... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 29, 2024

  • 7.8

    HIGH
    CVE-2024-50180

    In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit chara... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 29, 2024

  • 5.5

    MEDIUM
    CVE-2024-50179

    In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps an... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 29, 2024

  • 5.5

    MEDIUM
    CVE-2024-50178

    In the Linux kernel, the following vulnerability has been resolved: cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() Use raw_smp_processor_id() instead of plain smp_processor_id() in do_service_request(), otherwise we may get some ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2024-50177

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursor_width is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Dec. 09, 2024

  • 5.5

    MEDIUM
    CVE-2024-50176

    In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix error handling when power-up failed By simply bailing out, the driver was violating its rule and internal assumptions that either both or no rproc should be initi... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2024-50175

    In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 27, 2024

  • 4.7

    MEDIUM
    CVE-2024-50174

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal array when entries are being simultaneously added a... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2024-50173

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() The group variable can't be used to retrieve ptdev in our second loop, because it points to the previously iterat... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 27, 2024

  • 8.8

    HIGH
    CVE-2024-10994

    A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestrict... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-10993

    A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. ... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-10621

    The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplie... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 7.7

    HIGH
    CVE-2024-21538

    Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a ver... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-10991

    A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The at... Read more

    Affected Products : hospital_appointment_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-10990

    A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. ... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 293620 Results