Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10021

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the a... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9986

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 9.0

    CRITICAL
    CVE-2024-21172

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated a... Read more

    Affected Products : hospitality_opera_5
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 4.8

    MEDIUM
    CVE-2024-43168

    DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a ... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    HIGH
    CVE-2024-39628

    Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.... Read more

    Affected Products : ninja_forms
    • Published: Aug. 26, 2024
    • Modified: Oct. 20, 2024

  • 7.5

    HIGH
    CVE-2024-43789

    Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in t... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 8.2

    HIGH
    CVE-2024-45051

    Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the l... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-45297

    Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-47772

    Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem ... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-9969

    NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer main... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-9917

    A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024

  • 7.2

    HIGH
    CVE-2024-9918

    A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be in... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024

  • 7.5

    HIGH
    CVE-2024-9820

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 8.8

    HIGH
    CVE-2024-9968

    WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended ... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 7.2

    HIGH
    CVE-2024-45330

    A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 19, 2024

  • 7.2

    HIGH
    CVE-2024-9180

    A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11... Read more

    Affected Products : vault openbao
    • Published: Oct. 10, 2024
    • Modified: Oct. 18, 2024

  • 7.3

    HIGH
    CVE-2024-49390

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-49389

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.7

    MEDIUM
    CVE-2024-49386

    Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.3

    HIGH
    CVE-2024-49391

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 291562 Results