Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10421

    A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can b... Read more

    Affected Products : attendance_and_payroll_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10422

    A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injecti... Read more

    Affected Products : attendance_and_payroll_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 7.5

    HIGH
    CVE-2024-47022

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.... Read more

    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.5

    HIGH
    CVE-2024-47021

    In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.5

    HIGH
    CVE-2024-47020

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.... Read more

    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 5.4

    MEDIUM
    CVE-2024-41911

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.... Read more

    • Published: Aug. 06, 2024
    • Modified: Oct. 28, 2024

  • 5.3

    MEDIUM
    CVE-2024-41517

    An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.... Read more

    Affected Products : feripro
    • Published: Aug. 02, 2024
    • Modified: Oct. 28, 2024

  • 3.3

    LOW
    CVE-2024-40096

    The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.... Read more

    Affected Products : who
    • Published: Aug. 05, 2024
    • Modified: Oct. 28, 2024

  • 6.8

    MEDIUM
    CVE-2024-39771

    QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle ... Read more

    • Published: Aug. 28, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-6720

    The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : light_poll
    • Published: Aug. 06, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-48145

    A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-48144

    A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.1

    HIGH
    CVE-2024-47023

    there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-45262

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execut... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.0

    HIGH
    CVE-2024-45261

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.0

    HIGH
    CVE-2024-45260

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 6.5

    MEDIUM
    CVE-2024-45259

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.6

    HIGH
    CVE-2024-48208

    pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.... Read more

    Affected Products : pure-ftpd
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-45263

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information lea... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 7.8

    HIGH
    CVE-2024-45242

    EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin pa... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
Showing 20 of 291647 Results