Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    CVSS31
    CVE-2024-47744

    In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and SRCU ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 4.8

    CVSS31
    CVE-2024-10199

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of ... Read more

    Affected Products : pharmacy_management
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 4.8

    CVSS31
    CVE-2024-10198

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipula... Read more

    Affected Products : pharmacy_management
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.6

    CVSS31
    CVE-2024-8980

    The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA t... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 5.9

    CVSS31
    CVE-2024-43177

    IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 3.7

    CVSS31
    CVE-2024-43173

    IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 9.0

    CVSS31
    CVE-2024-38002

    The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a wo... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    CVSS31
    CVE-2024-26273

    Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 al... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    CVSS31
    CVE-2024-26272

    Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows re... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    CVSS31
    CVE-2024-26271

    Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through upda... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    CVSS31
    CVE-2024-47684

    In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    CVSS31
    CVE-2024-47681

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 drive... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    CVSS31
    CVE-2024-47677

    In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table() If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_u... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    CVSS31
    CVE-2024-41714

    A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insuf... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    CVSS31
    CVE-2024-41713

    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.3

    CVSS31
    CVE-2024-40088

    A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any ... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CVSS31
    CVE-2024-35314

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sani... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 6.7

    CVSS31
    CVE-2024-35287

    A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource wi... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CVSS31
    CVE-2024-35286

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensi... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CVSS31
    CVE-2024-35285

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 502 Results