Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10534

    Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Sec... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-48993

    SQL Server Native Client Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024

  • 7.6

    HIGH
    CVE-2024-1097

    A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the... Read more

    Affected Products : webcalendar
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-1240

    An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, whi... Read more

    Affected Products : pyload
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11237

    A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to s... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 7.2

    HIGH
    CVE-2024-11211

    A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit h... Read more

    Affected Products : eyoucms
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 6.9

    MEDIUM
    CVE-2024-11238

    A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath l... Read more

    Affected Products : landray_ekp
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-11239

    A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument fo... Read more

    Affected Products : landray_ekp
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-11210

    A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack ma... Read more

    Affected Products : eyoucms
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.7

    HIGH
    CVE-2024-52292

    Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-e... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-49256

    Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18.... Read more

    Affected Products : htaccess_file_editor
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43323

    Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.... Read more

    Affected Products : reviewx
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 5.9

    MEDIUM
    CVE-2024-43211

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9.... Read more

    Affected Products : mailchimp_subscribe_form
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 8.4

    HIGH
    CVE-2024-52291

    Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the ... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52305

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can ... Read more

    Affected Products : unopim
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-42392

    Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-42383

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 7.0

    HIGH
    CVE-2024-42385

    Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 8.2

    HIGH
    CVE-2024-42386

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-42387

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291255 Results