Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-45072

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-47669

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the log writing fun... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 21, 2024

  • 8.7

    HIGH
    CVE-2024-6207

    CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end c... Read more

    • Published: Oct. 14, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    HIGH
    CVE-2024-10024

    A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    HIGH
    CVE-2024-10023

    A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name lead... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10022

    A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is pos... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10021

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the a... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9986

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 9.0

    CRITICAL
    CVE-2024-21172

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated a... Read more

    Affected Products : hospitality_opera_5
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 4.8

    MEDIUM
    CVE-2024-43168

    DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a ... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    HIGH
    CVE-2024-39628

    Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.... Read more

    Affected Products : ninja_forms
    • Published: Aug. 26, 2024
    • Modified: Oct. 20, 2024

  • 7.5

    HIGH
    CVE-2024-43789

    Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in t... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 8.2

    HIGH
    CVE-2024-45051

    Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the l... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-45297

    Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-47772

    Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem ... Read more

    Affected Products : discourse
    • Published: Oct. 07, 2024
    • Modified: Oct. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-9969

    NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer main... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-9917

    A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024

  • 7.2

    HIGH
    CVE-2024-9918

    A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be in... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024

  • 7.5

    HIGH
    CVE-2024-9820

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024

  • 8.8

    HIGH
    CVE-2024-9968

    WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended ... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024
Showing 20 of 291608 Results