Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-44987

    In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_loc...

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 5.5

    MEDIUM
    CVE-2024-44936

    In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper") reworked the driver to use devm. While at it,...

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024
  • 7.8

    HIGH
    CVE-2024-7834

    A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with...

    Affected Products : overwolf
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 5.5

    MEDIUM
    CVE-2024-42307

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() er...

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 05, 2024
  • 5.5

    MEDIUM
    CVE-2022-48877

    In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c sp : ffffffc010cb...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 05, 2024
  • 6.3

    MEDIUM
    CVE-2024-8462

    A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of ex...

    Affected Products :
    • Published: Sep. 05, 2024
    • Modified: Sep. 05, 2024
  • 9.8

    CRITICAL
    CVE-2024-8289

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and cre...

    Affected Products : multivendorx
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 6.1

    MEDIUM
    CVE-2024-8413

    Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerabilit...

    Affected Products : raspcontrol
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 8.0

    HIGH
    CVE-2024-44383

    WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm....

    Affected Products : fbm-291w_firmware fbm-291w
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 5.5

    MEDIUM
    CVE-2024-42288

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB...

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 05, 2024
  • 5.5

    MEDIUM
    CVE-2024-42289

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command arr...

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 05, 2024
  • 8.8

    HIGH
    CVE-2024-40645

    FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image re...

    Affected Products : fogproject fog
    • Published: Jul. 31, 2024
    • Modified: Sep. 05, 2024
  • 7.5

    HIGH
    CVE-2024-41108

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieve...

    Affected Products : fogproject fog
    • Published: Jul. 31, 2024
    • Modified: Sep. 05, 2024
  • 7.8

    HIGH
    CVE-2024-41954

    FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials...

    Affected Products : fogproject
    • Published: Jul. 31, 2024
    • Modified: Sep. 05, 2024
  • 7.2

    HIGH
    CVE-2024-38482

    CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute u...

    Affected Products : cloudlink
    • Published: Aug. 02, 2024
    • Modified: Sep. 05, 2024
  • 9.8

    CRITICAL
    CVE-2024-42458

    server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369....

    Affected Products : neatvnc
    • Published: Aug. 02, 2024
    • Modified: Sep. 05, 2024
  • 5.4

    MEDIUM
    CVE-2024-6710

    The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks....

    Affected Products : ditty
    • Published: Aug. 05, 2024
    • Modified: Sep. 05, 2024
  • 8.8

    HIGH
    CVE-2024-43942

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection. This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2....

    Affected Products : greenshift_query_addon
    • Published: Aug. 29, 2024
    • Modified: Sep. 05, 2024
  • 8.8

    HIGH
    CVE-2024-43943

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection. This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8....

    Affected Products : greenshift_woocommerce_addon
    • Published: Aug. 29, 2024
    • Modified: Sep. 05, 2024
  • 8.8

    HIGH
    CVE-2024-43957

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion. This issue affects Animated Number Counters: from n/a through 1.9....

    Affected Products : animated_number_counters
    • Published: Aug. 29, 2024
    • Modified: Sep. 05, 2024
Showing 20 of 290204 Results