Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2024-5682

    Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1.... Read more

    Affected Products : library_automation_system
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-41929

    Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-43778

    OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 6.2

    MEDIUM
    CVE-2024-8939

    A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of paramete... Read more

    Affected Products : vllm
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-45798

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml`... Read more

    Affected Products : arduino-esp32
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46716

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In cons... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46764

    In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_se... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46752

    In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46767

    In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix missing of_node_put() for leds The call of of_get_child_by_name() will cause refcount incremented for leds, if it succeeds, it should call of_node_put() to decrease it, fi... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46748

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT Set the maximum size of a subrequest that writes to cachefiles to be MAX_RW_COUNT so that we don't overrun the maxim... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-42502

    Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.... Read more

    Affected Products : arubaos
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46717

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix incorrect page release Under the following conditions: 1) No skb created yet 2) header_size == 0 (no SHAMPO header) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_P... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46745

    In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46736

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path() If smb2_set_path_attr() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() again as... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.8

    HIGH
    CVE-2024-45858

    An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code wil... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-37406

    In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 8.6

    HIGH
    CVE-2023-47105

    exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 8.7

    HIGH
    CVE-2024-7736

    A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024

  • 9.3

    CRITICAL
    CVE-2024-7785

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects Electronic Ticket System: before 2024.08... Read more

    Affected Products :
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-34399

    **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer suppor... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 294848 Results