Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2024-4872

    A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must ha... Read more

    • Published: Aug. 27, 2024
    • Modified: Oct. 30, 2024
  • 4.3

    MEDIUM
    CVE-2024-7941

    An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.... Read more

    Affected Products : microscada_x_sys600
    • Published: Aug. 27, 2024
    • Modified: Oct. 30, 2024
  • 7.5

    HIGH
    CVE-2024-10290

    A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The ... Read more

    Affected Products : zzcms
    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-48963

    The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory ... Read more

    Affected Products : snyk_cli
    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10371

    A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be use... Read more

    Affected Products : payroll_management_system
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024
  • 5.5

    MEDIUM
    CVE-2024-50087

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fa... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: Oct. 30, 2024
  • 5.4

    MEDIUM
    CVE-2024-48119

    Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.... Read more

    Affected Products : vtiger_crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-34668

    Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Oct. 08, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10350

    A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. The at... Read more

    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-34667

    Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Oct. 08, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-34666

    Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Oct. 08, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-34665

    Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Oct. 08, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-34669

    Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Oct. 08, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-7763

    In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.... Read more

    Affected Products : whatsup_gold
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024
  • 7.2

    HIGH
    CVE-2024-10337

    A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection.... Read more

    Affected Products : clothes_recommendation_system
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024
  • 7.2

    HIGH
    CVE-2024-10338

    A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injectio... Read more

    Affected Products : clothes_recommendation_system
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-7824

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-7825

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-7826

    Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-48964

    The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directo... Read more

    Affected Products : snyk_cli
    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024
Showing 20 of 291562 Results