Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-43893

    In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero ...

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 10, 2024
  • 5.5

    MEDIUM
    CVE-2024-43894

    In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lea...

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 10, 2024
  • 5.5

    MEDIUM
    CVE-2023-52915

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former chec...

    Affected Products : linux_kernel
    • Published: Sep. 06, 2024
    • Modified: Sep. 10, 2024
  • 7.5

    HIGH
    CVE-2024-44408

    D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords....

    Affected Products : dir-823g_firmware dir-823g
    • Published: Sep. 06, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-44402

    D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm....

    Affected Products : di-8100g_firmware di-8100g
    • Published: Sep. 06, 2024
    • Modified: Sep. 10, 2024
  • 7.1

    HIGH
    CVE-2024-44983

    In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ...

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 10, 2024
  • 7.8

    HIGH
    CVE-2024-44978

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (...

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 10, 2024
  • 9.3

    CRITICAL
    CVE-2024-42348

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395....

    Affected Products : fogproject
    • Published: Aug. 02, 2024
    • Modified: Sep. 10, 2024
  • 5.3

    MEDIUM
    CVE-2024-42349

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (...

    Affected Products : fogproject fog
    • Published: Aug. 02, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-38886

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel....

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-38889

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command....

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: Sep. 10, 2024
  • 8.8

    HIGH
    CVE-2024-45044

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the ful...

    Affected Products : bareos
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024
  • 5.3

    MEDIUM
    CVE-2024-8558

    A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument t...

    Affected Products : food_ordering_management_system
    • Published: Sep. 07, 2024
    • Modified: Sep. 10, 2024
  • 5.4

    MEDIUM
    CVE-2024-8583

    A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0. It has been classified as problematic. This affects an unknown part of the file /mfeedback.php of the component Feedback Handler. The manipu...

    Affected Products : online_bank_management_system
    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024
  • 6.1

    MEDIUM
    CVE-2024-8582

    A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument description leads to cross site sc...

    Affected Products : food_ordering_management_system
    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024
  • 9.2

    CRITICAL
    CVE-2024-8580

    A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotel...

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-8579

    A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is pos...

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-8569

    A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file user-login.php. The manipulation of the argument username leads to sql inject...

    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-8567

    A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_deductions. The manipulation of the argument id leads to sql in...

    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024
  • 6.9

    MEDIUM
    CVE-2024-8566

    A vulnerability classified as problematic was found in code-projects Online Shop Store 1.0. This vulnerability affects unknown code of the file /settings.php. The manipulation of the argument error leads to cross site scripting. The attack can be initiate...

    Affected Products : online_shop_store
    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024