Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-7473

    An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request... Read more

    Affected Products : lunary
    • Published: Oct. 29, 2024
    • Modified: Nov. 03, 2024

  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024

  • 7.1

    HIGH
    CVE-2024-6959

    A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process eac... Read more

    Affected Products : lollms_webui lollms_web_ui
    • Published: Oct. 13, 2024
    • Modified: Nov. 03, 2024

  • 6.5

    MEDIUM
    CVE-2024-6582

    A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerabi... Read more

    Affected Products : lunary
    • Published: Sep. 13, 2024
    • Modified: Nov. 03, 2024

  • 7.1

    HIGH
    CVE-2024-44159

    A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024

  • 4.8

    MEDIUM
    CVE-2024-37879

    Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".... Read more

    Affected Products :
    • Published: Sep. 20, 2024
    • Modified: Nov. 01, 2024

  • 8.8

    HIGH
    CVE-2024-51492

    Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on (raw) image load. With certain payloads, theft of the target ... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10595

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injectio... Read more

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10509

    A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The att... Read more

    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10556

    A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the att... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 6.9

    MEDIUM
    CVE-2024-10557

    A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request fo... Read more

    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10561

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the ... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 6.0

    MEDIUM
    CVE-2024-47121

    The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-6673

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID... Read more

    Affected Products : lollms_web_ui
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 7.8

    HIGH
    CVE-2024-34121

    Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a ... Read more

    Affected Products : macos windows illustrator
    • Published: Sep. 13, 2024
    • Modified: Nov. 01, 2024

  • 8.1

    HIGH
    CVE-2024-6674

    A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers... Read more

    Affected Products : lollms_web_ui
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-49659

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Coub allows Stored XSS.This issue affects Coub: from n/a through 1.4.... Read more

    Affected Products : coub
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-37481

    Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The Post Grid: from n/a through 7.7.4.... Read more

    Affected Products : the_post_grid
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 6.3

    MEDIUM
    CVE-2024-43285

    Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.3

    MEDIUM
    CVE-2024-43270

    Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50.... Read more

    Affected Products : backup_and_restore_wordpress
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 291124 Results