Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-21275

    Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to c...

    Affected Products : e-business_suite quoting
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21271

    Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network...

    Affected Products : e-business_suite field_service
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21270

    Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access v...

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21269

    Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network ac...

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21268

    Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access vi...

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.0

    HIGH
    CVE-2024-4690

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below....

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21267

    Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via H...

    Affected Products : e-business_suite cost_management
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21266

    Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...

    Affected Products : e-business_suite advanced_pricing
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.1

    HIGH
    CVE-2024-21265

    Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HT...

    Affected Products : e-business_suite site_hub
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
  • 8.0

    HIGH
    CVE-2024-4184

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below....

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 8.0

    HIGH
    CVE-2024-4189

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below....

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 5.5

    MEDIUM
    CVE-2024-45071

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...

    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 5.5

    MEDIUM
    CVE-2024-45072

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources....

    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 5.5

    MEDIUM
    CVE-2024-47669

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the log writing fun...

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 21, 2024
  • 8.7

    HIGH
    CVE-2024-6207

    CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end c...

    • Published: Oct. 14, 2024
    • Modified: Oct. 21, 2024
  • 8.8

    HIGH
    CVE-2024-10024

    A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic...

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 8.8

    HIGH
    CVE-2024-10023

    A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name lead...

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-10022

    A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is pos...

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-10021

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the a...

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-9986

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads...

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024