Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-9286

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platf... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2024-47660

    In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a signif... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 23, 2024

  • 8.8

    HIGH
    CVE-2024-47659

    In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always ge... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 23, 2024

  • 5.5

    MEDIUM
    CVE-2024-47658

    In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock recursion warning. The reason is the fact that BH must be disa... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 23, 2024

  • 7.8

    HIGH
    CVE-2024-46871

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller number to crea... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Dec. 14, 2024

  • 4.7

    MEDIUM
    CVE-2024-46870

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnosti... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 23, 2024

  • 5.4

    MEDIUM
    CVE-2024-46237

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.... Read more

    Affected Products : hospital_management_system
    • Published: Oct. 09, 2024
    • Modified: Oct. 22, 2024

  • 7.8

    HIGH
    CVE-2024-45152

    Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45144

    Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45143

    Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45142

    Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controll... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45141

    Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45140

    Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45139

    Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45138

    Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-9680

    An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR <... Read more

    • Actively Exploited
    • Published: Oct. 09, 2024
    • Modified: Nov. 26, 2024

  • 8.2

    HIGH
    CVE-2024-45720

    On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other p... Read more

    Affected Products : subversion windows
    • Published: Oct. 09, 2024
    • Modified: Feb. 11, 2025

  • 7.5

    HIGH
    CVE-2024-28168

    Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.... Read more

    • Published: Oct. 09, 2024
    • Modified: Jul. 16, 2025

  • 7.6

    HIGH
    CVE-2024-47334

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection.This issue affects Zoho Flow for WordPress: from n/a through 2.7.1.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.5

    HIGH
    CVE-2024-9575

    Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Jan. 09, 2025
Showing 20 of 294846 Results