Latest CVE Feed

8.5 HIGH - CVE-2024-28981
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields....
- Published: Sep. 12, 2024
- Modified: Sep. 12, 2024

6.7 MEDIUM - CVE-2024-8097
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log. This issue affects Payara Server: from 6.0.0 before 6.18.0, fro...
- Published: Sep. 11, 2024
- Modified: Sep. 12, 2024

7.8 HIGH - CVE-2024-44974
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp. select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but ret...
- Affected Products: linux_kernel
- Published: Sep. 04, 2024
- Modified: Sep. 12, 2024

5.5 MEDIUM - CVE-2024-43905
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr. Check return value and conduct null pointer handling to avoid null pointer dereference....
- Affected Products: linux_kernel
- Published: Aug. 26, 2024
- Modified: Sep. 12, 2024

5.5 MEDIUM - CVE-2024-43897
In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset in virtio_net_hdr. Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksu...
- Affected Products: linux_kernel
- Published: Aug. 26, 2024
- Modified: Sep. 12, 2024

4.7 MEDIUM - CVE-2024-43892
In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr. Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID spac...
- Affected Products: linux_kernel
- Published: Aug. 26, 2024
- Modified: Sep. 12, 2024

5.5 MEDIUM - CVE-2024-43854
In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media. Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written medi...
- Affected Products: linux_kernel
- Published: Aug. 17, 2024
- Modified: Sep. 12, 2024

5.5 MEDIUM - CVE-2024-42246
In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket. When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket()...
- Affected Products: linux_kernel
- Published: Aug. 07, 2024
- Modified: Sep. 12, 2024

7.3 HIGH - Actively Exploited
- Published: Sep. 10, 2024
- Modified: Sep. 12, 2024

7.4 HIGH - CVE-2024-27729
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature....
- Affected Products: friendica
- Published: Aug. 15, 2024
- Modified: Sep. 11, 2024

6.5 MEDIUM - CVE-2024-37286
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response...
- Affected Products: apm_server
- Published: Aug. 03, 2024
- Modified: Sep. 11, 2024

9.8 CRITICAL - CVE-2024-7500
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upl...
- Affected Products: airline_reservation_system
- Published: Aug. 06, 2024
- Modified: Sep. 11, 2024

8.8 HIGH - CVE-2024-7506
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted up...
- Published: Aug. 06, 2024
- Modified: Sep. 11, 2024

9.8 CRITICAL - CVE-2024-7505
A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launc...
- Affected Products: bike_delivery_system
- Published: Aug. 06, 2024
- Modified: Sep. 11, 2024

9.8 CRITICAL - CVE-2024-7585
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads t...
- Published: Aug. 07, 2024
- Modified: Sep. 11, 2024

9.8 CRITICAL - CVE-2024-7584
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible t...
- Published: Aug. 07, 2024
- Modified: Sep. 11, 2024

7.8 HIGH - CVE-2024-43114
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions...
- Affected Products: teamcity
- Published: Aug. 06, 2024
- Modified: Sep. 11, 2024

6.6 MEDIUM - CVE-2024-42034
LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality....
- Published: Aug. 08, 2024
- Modified: Sep. 11, 2024

8.4 HIGH - CVE-2024-42035
Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality....
- Published: Aug. 08, 2024
- Modified: Sep. 11, 2024

8.8 HIGH - CVE-2024-8147
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The ...
- Published: Aug. 25, 2024
- Modified: Sep. 11, 2024