Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-11102

    A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross si... Read more

    Affected Products : hospital_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-48837

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Comm... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-50209

    In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-38255

    SQL Server Native Client Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-51037

    An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-49593

    In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP ... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Nov. 18, 2024

  • 4.7

    MEDIUM
    CVE-2021-27701

    SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF r... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.6

    HIGH
    CVE-2021-27700

    SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-42676

    File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component... Read more

    • Published: Aug. 15, 2024
    • Modified: Nov. 18, 2024

  • 3.3

    LOW
    CVE-2024-50211

    In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now dete... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-11021

    Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their b... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11020

    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-11019

    Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11018

    Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11101

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11100

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql inject... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-11017

    Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 7.7

    HIGH
    CVE-2024-49521

    Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnera... Read more

    Affected Products : commerce magento
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-10990

    A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. ... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-10991

    A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The at... Read more

    Affected Products : hospital_appointment_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 291269 Results