Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2024-32931

    Under certain circumstances the exacqVision Web Service can expose authentication token details within communications....

    Affected Products : exacqvision_web_service
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 8.8

    HIGH
    CVE-2024-32863

    Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)...

    Affected Products : exacqvision_web_service
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 5.0

    MEDIUM
    CVE-2024-41948

    biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBloc...

    Affected Products : biscuit-java
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 6.4

    MEDIUM
    CVE-2024-41949

    biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBloc...

    Affected Products : biscuit-auth
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 7.2

    HIGH
    CVE-2024-7446

    A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possible to i...

    Affected Products : ticket_reservation_system
    • Published: Aug. 03, 2024
    • Modified: Aug. 09, 2024
  • 7.2

    HIGH
    CVE-2024-7445

    A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads to sql ...

    Affected Products : ticket_reservation_system
    • Published: Aug. 03, 2024
    • Modified: Aug. 09, 2024
  • 8.8

    HIGH
    CVE-2024-7450

    A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation of the ar...

    Affected Products : placement_management_system
    • Published: Aug. 04, 2024
    • Modified: Aug. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-7451

    A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file apply_now.php. The manipulation of the argument id leads to sql injection. The attack ma...

    Affected Products : placement_management_system
    • Published: Aug. 04, 2024
    • Modified: Aug. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-7452

    A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file view_company.php. The manipulation of the argument id leads to sql injection. It is possible to initiat...

    Affected Products : placement_management_system
    • Published: Aug. 04, 2024
    • Modified: Aug. 09, 2024
  • 9.0

    HIGH
    CVE-2024-7338

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow...

    Affected Products : ex1200l_firmware ex1200l
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 4.3

    MEDIUM
    CVE-2024-40723

    The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer ove...

    Affected Products : hwatai_servisign
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024
  • 4.3

    MEDIUM
    CVE-2024-40722

    The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer ov...

    Affected Products : tcb_servisign
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024
  • 9.0

    HIGH
    CVE-2024-7336

    A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The a...

    Affected Products : ex200_firmware ex200
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 8.8

    HIGH
    CVE-2024-40721

    The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arb...

    Affected Products : tcb_servisign
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024
  • 8.8

    HIGH
    CVE-2024-40720

    The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execu...

    Affected Products : tcb_servisign
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024
  • 6.5

    MEDIUM
    CVE-2024-40719

    The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitima...

    Affected Products : tcb_servisign
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-7365

    A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_establishment.php. The manipulation of the argument id leads to sql ...

    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-7364

    A vulnerability has been found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_records.php. The manipulation of the argument id leads to...

    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-7363

    A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Affected is an unknown function of the file /manage_person.php. The manipulation of the argument id leads to sql injection. It is pos...

    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-7362

    A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0. This issue affects some unknown processing of the file /manage_user.php. The manipulation of the argument id leads to sql inject...

    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024
Showing 20 of 289993 Results