Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-7372

    A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /quiz_board.php. The manipulation of the argument quiz leads to sql injection. The... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 02, 2024
    • Modified: Aug. 07, 2024

  • 8.8

    HIGH
    CVE-2024-7373

    A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 02, 2024
    • Modified: Aug. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-33974

    SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the foll... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-7441

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-b... Read more

    Affected Products : sd9364_firmware sd9364
    • Published: Aug. 03, 2024
    • Modified: Aug. 07, 2024

  • 5.4

    MEDIUM
    CVE-2024-7353

    The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on use... Read more

    Affected Products :
    • Published: Aug. 07, 2024
    • Modified: Aug. 07, 2024

  • 8.1

    HIGH
    CVE-2024-2232

    The lacks CSRF checks allowing a user to invite any user to any group (including private groups)... Read more

    Affected Products : himer
    • Published: Aug. 05, 2024
    • Modified: Aug. 07, 2024

  • 7.5

    HIGH
    CVE-2024-41260

    A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7443

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It ... Read more

    Affected Products : ib8367a_firmware ib8367a
    • Published: Aug. 03, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7439

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buf... Read more

    Affected Products : cc8160_firmware cc8160
    • Published: Aug. 03, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7442

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injec... Read more

    Affected Products : sd9364_firmware sd9364
    • Published: Aug. 03, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7470

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7469

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The man... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7468

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7467

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-7466

    A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application Firewall. The manipulation leads to cross site scripting. The attack can be launched ... Read more

    Affected Products : pmweb
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-7460

    A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery.... Read more

    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-7459

    A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch th... Read more

    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7458

    A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation o... Read more

    Affected Products : eladmin
    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7397

    Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7395

    An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024
Showing 20 of 290128 Results