Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-42787

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fie... Read more

    Affected Products : music_management_system
    • Published: Aug. 26, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-42765

    A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 23, 2024
    • Modified: May. 06, 2025

  • 9.4

    CRITICAL
    CVE-2024-42764

    Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 23, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-42762

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 22, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-42763

    A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 22, 2024
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2024-42761

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 22, 2024
    • Modified: May. 06, 2025

  • 6.4

    MEDIUM
    CVE-2025-3488

    The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po... Read more

    Affected Products : wpml
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-50839

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-50840

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-50841

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and t... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-50842

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-50837

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-50838

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2024-23527

    An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ... Read more

    Affected Products : avalanche
    • Published: Apr. 25, 2024
    • Modified: May. 06, 2025

  • 6.4

    MEDIUM
    CVE-2024-2328

    The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output ... Read more

    • Published: May. 02, 2024
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2024-22778

    HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.... Read more

    Affected Products : codimd codimd
    • Published: Feb. 21, 2024
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-3567

    A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a... Read more

    Affected Products : enterprise_linux qemu
    • Published: Apr. 10, 2024
    • Modified: May. 06, 2025

  • 5.3

    MEDIUM
    CVE-2023-6693

    A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This co... Read more

    Affected Products : enterprise_linux fedora qemu
    • EPSS Score: %0.03
    • Published: Jan. 02, 2024
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-45618

    Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45617

    Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 291358 Results