Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10607

    A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The att... Read more

    Affected Products : courier_management_system
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10608

    A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may... Read more

    Affected Products : courier_management_system
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-10610

    A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The... Read more

    Affected Products : cdg
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-10613

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument... Read more

    Affected Products : cdg
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-10612

    A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql inje... Read more

    Affected Products : cdg
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-10611

    A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attac... Read more

    Affected Products : cdg
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-10596

    A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sq... Read more

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-50612

    libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.... Read more

    Affected Products : libsndfile
    • Published: Oct. 27, 2024
    • Modified: Nov. 05, 2024

  • 3.1

    LOW
    CVE-2024-51744

    golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired ... Read more

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024

  • 5.3

    MEDIUM
    CVE-2024-51500

    Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks... Read more

    Affected Products : meshtastic_firmware
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024

  • 6.0

    MEDIUM
    CVE-2024-51498

    cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been prese... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 6.4

    MEDIUM
    CVE-2024-10340

    The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 5.1

    MEDIUM
    CVE-2024-50346

    WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds and attract the victim user to visit it u... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-37846

    MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.... Read more

    Affected Products : mango
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 5.4

    MEDIUM
    CVE-2024-37844

    A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : mango
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-37847

    An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : mango mangoapi
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-48217

    An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 9.3

    CRITICAL
    CVE-2024-20412

    A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to th... Read more

    • Published: Oct. 23, 2024
    • Modified: Nov. 05, 2024

  • 5.8

    MEDIUM
    CVE-2024-20431

    A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocati... Read more

    Affected Products : firepower_threat_defense
    • Published: Oct. 23, 2024
    • Modified: Nov. 05, 2024

  • 9.0

    HIGH
    CVE-2024-10661

    A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The att... Read more

    Affected Products : ac15_firmware ac15
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 291162 Results