Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-43627

    Windows Telephony Service Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-43628

    Windows Telephony Service Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50972

    A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.... Read more

    Affected Products : construction_management_system
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50971

    A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.... Read more

    Affected Products : construction_management_system
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-50970

    A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : online_furniture_shopping_project
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-42834

    A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName p... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49028

    Microsoft Excel Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49031

    Microsoft Office Graphics Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49032

    Microsoft Office Graphics Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-11102

    A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross si... Read more

    Affected Products : hospital_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-48837

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Comm... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-50209

    In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-38255

    SQL Server Native Client Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-51037

    An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-49593

    In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP ... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Nov. 18, 2024

  • 4.7

    MEDIUM
    CVE-2021-27701

    SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF r... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.6

    HIGH
    CVE-2021-27700

    SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-42676

    File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component... Read more

    • Published: Aug. 15, 2024
    • Modified: Nov. 18, 2024

  • 3.3

    LOW
    CVE-2024-50211

    In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now dete... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-11021

    Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their b... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 291316 Results