Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-23938

    Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not... Read more

    Affected Products : gecko_os
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.3

    MEDIUM
    CVE-2024-9189

    The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-8788

    The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. This makes it possible for un... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44972

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG] For subpage + zoned case, the following workload can lead to rsv data leak at unmount time: # mkfs.btrfs -f -s... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-46861

    In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g. bad NCM framing) * Lack of me... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-46862

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-46863

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-46864

    In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp st... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-47083

    Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the `client_secret` used in ... Read more

    Affected Products : power_platform_terraform_provider
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 9.3

    CRITICAL
    CVE-2024-20510

    A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to net... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 6.5

    MEDIUM
    CVE-2024-20508

    A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condit... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-9177

    The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and includi... Read more

    Affected Products : toolbox
    • Published: Sep. 26, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44975

    In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update We find a bug as below: BUG: unable to handle page fault for address: 00000003 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44973

    In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deep inside do_slab_free to the wrapper functions outside. This is a ni... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44970

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 8.6

    HIGH
    CVE-2024-20304

    A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code ... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7575

    In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.... Read more

    Affected Products : ui_for_wpf
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7576

    In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.... Read more

    Affected Products : ui_for_wpf
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.6

    HIGH
    CVE-2024-20433

    A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) ... Read more

    Affected Products : ios_xe ios
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-8692

    A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disc... Read more

    Affected Products : tduckpro
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024
Showing 20 of 291219 Results