Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-50211

    In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now dete... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-11021

    Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their b... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11020

    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-11019

    Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11018

    Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11101

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11100

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql inject... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-11017

    Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 7.7

    HIGH
    CVE-2024-49521

    Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnera... Read more

    Affected Products : commerce magento
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-10990

    A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. ... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-10991

    A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The at... Read more

    Affected Products : hospital_appointment_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49526

    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ... Read more

    Affected Products : macos windows animate
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-10993

    A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. ... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-10994

    A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestrict... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-49527

    Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue... Read more

    Affected Products : macos windows animate
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-52947

    A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-50836

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49528

    Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must o... Read more

    Affected Products : macos windows animate
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 6.2

    MEDIUM
    CVE-2024-38203

    Windows Package Library Manager Information Disclosure Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50327

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 291221 Results