Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-51586

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BRAFT Elementary Addons allows Stored XSS.This issue affects Elementary Addons: from n/a through 2.0.4.... Read more

    Affected Products : elementary_addons
    • Published: Nov. 09, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-51590

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through 1.0.6.... Read more

    Affected Products : hoo_addons_for_elementor
    • Published: Nov. 09, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50826

    A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50825

    A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50824

    A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-50823

    A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50835

    A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50834

    A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-50833

    A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-51598

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kendysond Selar.Co Widget allows DOM-Based XSS.This issue affects Selar.Co Widget: from n/a through 1.2.... Read more

    Affected Products : selar.co_widget
    • Published: Nov. 09, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50832

    A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50831

    A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50830

    A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50829

    A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50828

    A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50827

    A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-42499

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 4.8

    MEDIUM
    CVE-2024-45087

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-45088

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : maximo_asset_management
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-50323

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 291395 Results