Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2024-49869

    In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate struct name_cache_entry with __counted_by()") we an... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49868

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a fai... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49867

    In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - t... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49866

    In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEB... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49865

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still re... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49864

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, ho... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49863

    In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49368

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 ... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49367

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the serv... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49366

    Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, ... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-40746

    A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. Th... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-48930

    secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, howev... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 6.5

    CVSS31
    CVE-2024-8305

    prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions pr... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 8.2

    CVSS31
    CVE-2024-6519

    A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-45309

    OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49862

    In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi() The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to p... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49861

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BP... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 0.0

    NONE
    CVE-2024-49860

    In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024

  • 4.7

    CVSS31
    CVE-2024-49859

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atom... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 0.0

    NONE
    CVE-2024-49858

    In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service i... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 21, 2024
Showing 20 of 518 Results