Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2024-43877

    In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which will cause out of b... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2022-48880

    In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_s... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43879

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-6568

    The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This ... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 7.2

    HIGH
    CVE-2024-7134

    The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-8022

    A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43865

    In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state() With the recent rewrite of the fpu code exception handling for the lfpc instruction within load_fpu_state() was erroneously remov... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-7090

    The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43881

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43864

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a n... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43870

    In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while a... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43880

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former c... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 7.8

    HIGH
    CVE-2024-7013

    Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-43403

    Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created Clust... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-6767

    The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43867

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of cal... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 0.0

    NA
    CVE-2024-43875

    In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 v... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7919

    A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulati... Read more

    Affected Products : jielink\+_jsotc2016
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-23729

    The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component.... Read more

    Affected Products : internet_browser
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 8.4

    HIGH
    CVE-2024-44067

    The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024
Showing 20 of 291638 Results