Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-25443

    An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.... Read more

    Affected Products : hugin
    • EPSS Score: %0.17
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-25419

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.... Read more

    Affected Products : flusity
    • EPSS Score: %0.20
    • Published: Feb. 11, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-25418

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.... Read more

    Affected Products : flusity
    • EPSS Score: %0.15
    • Published: Feb. 11, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-25315

    Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.... Read more

    Affected Products : hotel_management_system
    • EPSS Score: %0.18
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-25314

    Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.... Read more

    Affected Products : hotel_management_system
    • EPSS Score: %0.18
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-25305

    Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.... Read more

    Affected Products : simple_school_management_system
    • EPSS Score: %0.07
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-25304

    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."... Read more

    Affected Products : simple_school_management_system
    • EPSS Score: %0.18
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2024-25004

    KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arb... Read more

    Affected Products : kitty
    • EPSS Score: %0.62
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-24940

    In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives... Read more

    Affected Products : intellij_idea
    • EPSS Score: %0.00
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2024-24680

    An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.... Read more

    Affected Products : django
    • EPSS Score: %1.37
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-24543

    Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %1.11
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-24495

    SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.... Read more

    Affected Products : daily_habit_tracker
    • EPSS Score: %0.49
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-24494

    Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php compone... Read more

    Affected Products : daily_habit_tracker
    • EPSS Score: %33.10
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-24468

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.... Read more

    Affected Products : flusity
    • EPSS Score: %1.61
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-24398

    Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.... Read more

    Affected Products : dashboards.php
    • EPSS Score: %25.51
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-24397

    Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.... Read more

    Affected Products : dashboards.js
    • EPSS Score: %0.94
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-24393

    File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.... Read more

    Affected Products : pichome
    • EPSS Score: %3.06
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2024-24259

    freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.... Read more

    Affected Products : mupdf
    • EPSS Score: %0.18
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-24113

    xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.... Read more

    Affected Products : xxl-job
    • EPSS Score: %0.07
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-24018

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list... Read more

    Affected Products : novel-plus
    • EPSS Score: %0.08
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
Showing 20 of 291741 Results