Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-50525

    Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into... Read more

    Affected Products : helloprint
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 4.8

    MEDIUM
    CVE-2024-7876

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site ... Read more

    Affected Products : simply_schedule_appointments
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 4.8

    MEDIUM
    CVE-2024-7877

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scri... Read more

    Affected Products : simply_schedule_appointments
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-9459

    Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-49357

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_order.json` and `htt... Read more

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-49358

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-IP>/v1/users/login` in ZimaOS returns distinct responses based on whether a username e... Read more

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-49359

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in ZimaOS is vulnerable to a directory traversal attack, allo... Read more

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024

  • 8.4

    HIGH
    CVE-2024-47137

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.... Read more

    Affected Products : openharmony
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.5

    MEDIUM
    CVE-2024-47402

    in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-48932

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such ... Read more

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024

  • 8.4

    HIGH
    CVE-2024-47404

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.... Read more

    Affected Products : openharmony
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.4

    HIGH
    CVE-2024-47797

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.... Read more

    Affected Products : openharmony
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-10810

    A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to ... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-10809

    A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may b... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-10808

    A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be in... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.1

    MEDIUM
    CVE-2024-10807

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripti... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 4.7

    MEDIUM
    CVE-2024-10748

    A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Han... Read more

    Affected Products : what\'s_up
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 5.1

    MEDIUM
    CVE-2024-10806

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cro... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-10791

    A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The atta... Read more

    Affected Products : hospital_appointment_system
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 8.1

    HIGH
    CVE-2024-10749

    A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to ... Read more

    Affected Products : thinkadmin
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024
Showing 20 of 291205 Results