Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-43837

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be nu... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-43836

    In the Linux kernel, the following vulnerability has been resolved: net: ethtool: pse-pd: Fix possible null-deref Fix a possible null dereference when a PSE supports both c33 and PoDL, but only one of the netlink attributes is specified. The c33 or PoDL... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-43833

    In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links(), ancillary links are created for lens and flash sub-devices. These are s... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-43828

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-45169

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 22, 2024

  • 9.1

    CRITICAL
    CVE-2024-45163

    The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root)... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-7746

    Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected ... Read more

    Affected Products : traccar
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-7731

    Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : dr.id_access_control
    • Published: Aug. 14, 2024
    • Modified: Aug. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-36505

    An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothet... Read more

    Affected Products : fortios
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 9.1

    CRITICAL
    CVE-2024-45168

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable.... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-45166

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 22, 2024

  • 7.8

    HIGH
    CVE-2024-21757

    A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and version... Read more

    Affected Products : fortimanager fortianalyzer
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 9.0

    CRITICAL
    CVE-2023-26211

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.... Read more

    Affected Products : fortisoar
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 8.8

    HIGH
    CVE-2022-45862

    An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all ... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 7.8

    HIGH
    CVE-2022-27486

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6... Read more

    Affected Products : fortiddos fortiddos-f
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 7.1

    HIGH
    CVE-2024-5849

    An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 7.1

    HIGH
    CVE-2024-38502

    An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-38501

    An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 9.1

    CRITICAL
    CVE-2024-37287

    A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitra... Read more

    Affected Products : kibana
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 7.5

    HIGH
    CVE-2024-35124

    A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ... Read more

    Affected Products : openbmc
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024
Showing 20 of 291395 Results