Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-11213

    A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible t... Read more

    Affected Products : best_employee_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-11212

    A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument ba... Read more

    Affected Products : best_employee_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-9682

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : royal_elementor_addons
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-10571

    The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary ... Read more

    Affected Products : chartify
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-48284

    A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searc... Read more

    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2021-3987

    An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the ... Read more

    Affected Products : calibre-web
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2021-3988

    A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user inpu... Read more

    Affected Products : calibre-web
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 7.4

    HIGH
    CVE-2022-31671

    Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authent... Read more

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.2

    HIGH
    CVE-2024-11214

    A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted u... Read more

    Affected Products : best_employee_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11028

    The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current use... Read more

    Affected Products : multimanager_wp
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 4.3

    MEDIUM
    CVE-2021-3991

    An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended per... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 4.8

    MEDIUM
    CVE-2022-1226

    A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. T... Read more

    Affected Products : phpipam
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2022-31667

    Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account id and... Read more

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.7

    HIGH
    CVE-2022-31668

    Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could mod... Read more

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.7

    HIGH
    CVE-2022-31670

    Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker cou... Read more

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.7

    HIGH
    CVE-2022-31669

    Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attack... Read more

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-52306

    FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.... Read more

    Affected Products : filemanager
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 10.0

    CRITICAL
    CVE-2022-1884

    A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` t... Read more

    Affected Products : gogs windows
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2023-0109

    A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is acces... Read more

    Affected Products : memos
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2023-0737

    wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.... Read more

    Affected Products : wallabag
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291274 Results