Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10423

    A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The... Read more

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10424

    A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Projec... Read more

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10418

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injec... Read more

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-10419

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scr... Read more

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10420

    A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is p... Read more

    Affected Products : attendance_and_payroll_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10421

    A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can b... Read more

    Affected Products : attendance_and_payroll_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10422

    A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injecti... Read more

    Affected Products : attendance_and_payroll_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 7.5

    HIGH
    CVE-2024-47022

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.... Read more

    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.5

    HIGH
    CVE-2024-47021

    In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.5

    HIGH
    CVE-2024-47020

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.... Read more

    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 5.4

    MEDIUM
    CVE-2024-41911

    A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.... Read more

    • Published: Aug. 06, 2024
    • Modified: Oct. 28, 2024

  • 5.3

    MEDIUM
    CVE-2024-41517

    An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.... Read more

    Affected Products : feripro
    • Published: Aug. 02, 2024
    • Modified: Oct. 28, 2024

  • 3.3

    LOW
    CVE-2024-40096

    The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.... Read more

    Affected Products : who
    • Published: Aug. 05, 2024
    • Modified: Oct. 28, 2024

  • 6.8

    MEDIUM
    CVE-2024-39771

    QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle ... Read more

    • Published: Aug. 28, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-6720

    The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : light_poll
    • Published: Aug. 06, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-48145

    A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-48144

    A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.1

    HIGH
    CVE-2024-47023

    there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-45262

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execut... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.0

    HIGH
    CVE-2024-45261

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
Showing 20 of 291728 Results