Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-45842

    Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 8.1

    HIGH
    CVE-2024-47005

    Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-47406

    Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 7.4

    HIGH
    CVE-2024-47801

    Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web brows... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 6.2

    MEDIUM
    CVE-2024-48870

    Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of ot... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-51248

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-51247

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-51245

    In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-51244

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 5.7

    MEDIUM
    CVE-2024-51399

    Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can ... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 6.5

    MEDIUM
    CVE-2024-51398

    Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-48057

    localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.... Read more

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10736

    A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The atta... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10737

    A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to laun... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10752

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiat... Read more

    Affected Products : pet_shop_management_system
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024

  • 6.4

    MEDIUM
    CVE-2024-10342

    The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it... Read more

    Affected Products : league_of_legends_shortcodes
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 6.5

    MEDIUM
    CVE-2024-10341

    The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e... Read more

    Affected Products : league_of_legends_shortcodes
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 6.4

    MEDIUM
    CVE-2024-10150

    The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products : button_generator
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-9607

    The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated... Read more

    Affected Products : 10web_social_post_feed
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-9302

    The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_passwo... Read more

    Affected Products : app_builder
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 291162 Results