Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-47088

    This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which co...

    Affected Products : ld_geo ld_dp_back_office
    • Published: Sep. 19, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-46984

    The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack d...

    Affected Products : reference_validator
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-9008

    A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql inje...

    • Published: Sep. 19, 2024
    • Modified: Mar. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-9011

    A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the atta...

    Affected Products : crud_operation_system
    • Published: Sep. 20, 2024
    • Modified: Sep. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-47222

    New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.

    Affected Products : my_office_sdk
    • Published: Sep. 23, 2024
    • Modified: Mar. 18, 2025
  • 9.8

    CRITICAL
    CVE-2024-8791

    The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's i...

    Affected Products : charitable charitable
    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-9038

    A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimag...

    Affected Products : online_shopping_portal
    • Published: Sep. 20, 2024
    • Modified: Sep. 27, 2024
  • 9.8

    CRITICAL
    CVE-2024-42507

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitati...

    Affected Products : arubaos
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-9090

    A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of the argument searchMember leads to sql injection. It is p...

    Affected Products : modern_loan_management_system
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024
  • 9.8

    CRITICAL
    CVE-2024-7781

    The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in ...

    Affected Products : jupiter_x_core jupiterx
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-46628

    Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.

    Affected Products : g3_firmware g3
    • Published: Sep. 26, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-8643

    Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.

    Affected Products : valeapp
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-9318

    A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/activate.php. The manipulation of the argument id leads to...

    Affected Products : advocate_office_management_system
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
  • 9.8

    CRITICAL
    CVE-2024-9326

    A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql i...

    • Published: Sep. 29, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-44097

    According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to int...

    • Published: Oct. 02, 2024
    • Modified: Jul. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-24116

    An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

    • Published: Oct. 02, 2024
    • Modified: Feb. 10, 2025
  • 9.8

    CRITICAL
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-8943

    The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthent...

    Affected Products : latepoint
    • Published: Oct. 08, 2024
    • Modified: Feb. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-8884

    CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http...

    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-44349

    A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.

    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 292725 Results