Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-25314

    Code-projects Hotel Management System 1.0 allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

    Affected Products : hotel_management_system
    • EPSS Score: 0.18%
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2024-25305

    Code-projects Simple School Management System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.

    Affected Products : simple_school_management_system
    • EPSS Score: 0.07%
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2024-25304

    Code-projects Simple School Management System 1.0 allows SQL Injection via the 'apass' parameter at School/index.php.

    Affected Products : simple_school_management_system
    • EPSS Score: 0.18%
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2024-25004

    KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arb...

    Affected Products : kitty
    • EPSS Score: 0.62%
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025
  • 4.3

    MEDIUM
    CVE-2024-24940

    In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives...

    Affected Products : intellij_idea
    • EPSS Score: 0.00%
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 7.5

    HIGH
    CVE-2024-24680

    An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

    Affected Products : django
    • EPSS Score: 1.37%
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24543

    Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

    Affected Products : ac9_firmware ac9
    • EPSS Score: 1.11%
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24495

    SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.

    Affected Products : daily_habit_tracker
    • EPSS Score: 0.49%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2024-24494

    Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php compone...

    Affected Products : daily_habit_tracker
    • EPSS Score: 33.10%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2024-24468

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.

    Affected Products : flusity
    • EPSS Score: 1.61%
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24398

    Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

    Affected Products : dashboards.php
    • EPSS Score: 25.51%
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 5.4

    MEDIUM
    CVE-2024-24397

    Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

    Affected Products : dashboards.js
    • EPSS Score: 0.94%
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24393

    File Upload vulnerability in index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.

    Affected Products : pichome
    • EPSS Score: 3.06%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 7.5

    HIGH
    CVE-2024-24259

    freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

    Affected Products : mupdf
    • EPSS Score: 0.18%
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2024-24113

    xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability that lets low-privileged users control the executor, leading to RCE.

    Affected Products : xxl-job
    • EPSS Score: 0.07%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24018

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...

    Affected Products : novel-plus
    • EPSS Score: 0.08%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24001

    jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP, which allows an attacker to construct a malicious payload to bypass jshERP's protect...

    Affected Products : jsherp
    • EPSS Score: 0.06%
    • Published: Feb. 07, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-23978

    Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.

    • EPSS Score: 0.36%
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025
  • 6.7

    MEDIUM
    CVE-2024-23764

    Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 ...

    • EPSS Score: 0.03%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 7.5

    HIGH
    CVE-2024-23756

    The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

    Affected Products : plone
    • EPSS Score: 0.22%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
Showing 20 of 291737 Results