Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-43499

    .NET and Visual Studio Denial of Service Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024

  • 8.7

    HIGH
    CVE-2024-39609

    Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 8.7

    HIGH
    CVE-2024-41167

    Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : m10jnp2sb_firmware m10jnp2sb
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 8.1

    HIGH
    CVE-2024-11208

    A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity o... Read more

    Affected Products : central_authentication_service
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-50636

    PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11209

    A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotel... Read more

    Affected Products : central_authentication_service
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-10534

    Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Sec... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-48993

    SQL Server Native Client Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024

  • 7.6

    HIGH
    CVE-2024-1097

    A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the... Read more

    Affected Products : webcalendar
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-1240

    An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, whi... Read more

    Affected Products : pyload
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11237

    A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to s... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 7.2

    HIGH
    CVE-2024-11211

    A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit h... Read more

    Affected Products : eyoucms
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 6.9

    MEDIUM
    CVE-2024-11238

    A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath l... Read more

    Affected Products : landray_ekp
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-11239

    A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument fo... Read more

    Affected Products : landray_ekp
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-11210

    A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack ma... Read more

    Affected Products : eyoucms
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024

  • 7.7

    HIGH
    CVE-2024-52292

    Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-e... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 8.8

    HIGH
    CVE-2024-49256

    Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18.... Read more

    Affected Products : htaccess_file_editor
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43323

    Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.... Read more

    Affected Products : reviewx
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 5.9

    MEDIUM
    CVE-2024-43211

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9.... Read more

    Affected Products : mailchimp_subscribe_form
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 8.4

    HIGH
    CVE-2024-52291

    Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the ... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291513 Results