Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2024-43887

    In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the last tcp_ao_info. On the socket destruction tcp_ao_info ceases to be with ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.8

    MEDIUM
    CVE-2024-37136

    Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.... Read more

    Affected Products : path_to_powerprotect
    • Published: Sep. 03, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-43890

    In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 4.7

    MEDIUM
    CVE-2024-43891

    In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are expo... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 7.5

    HIGH
    CVE-2024-8173

    A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is po... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-43896

    In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL Call efi_rt_services_supported() to check that efi.get_variable exists before calling it.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-41444

    SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.... Read more

    Affected Products : seacms
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-42790

    A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 3.5

    LOW
    CVE-2024-42792

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.... Read more

    Affected Products : music_management_system
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-45265

    A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.... Read more

    Affected Products : arfa-cms
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-43910

    In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-42906

    TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.... Read more

    Affected Products : testlink
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-44793

    A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter.... Read more

    Affected Products : gazelle
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-44794

    A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.... Read more

    Affected Products : picuploader
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-44795

    A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.... Read more

    Affected Products : gazelle
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-43912

    In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 6.2

    MEDIUM
    CVE-2024-34637

    Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 7.1

    HIGH
    CVE-2024-34638

    Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-34648

    Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 4.6

    MEDIUM
    CVE-2024-34653

    Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
Showing 20 of 292048 Results