Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-42950

    Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request....

    Affected Products : fh1201_firmware fh1201
    • Published: Aug. 15, 2024
    • Modified: Aug. 21, 2024
  • 5.1

    MEDIUM
    CVE-2022-26327

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data. This issue affects Performance Center: 12.63....

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024
  • 2.0

    LOW
    CVE-2022-26328

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS). This issue affects Performance Center: 12.63....

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024
  • 3.1

    LOW
    CVE-2024-43411

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, th...

    Affected Products : ckeditor
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024
  • 7.8

    HIGH
    CVE-2024-33656

    The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms...

    Affected Products : aptio_v
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024
  • 7.8

    HIGH
    CVE-2024-33657

    This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks....

    Affected Products : aptio_v
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-42572

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php....

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 8.8

    HIGH
    CVE-2024-40500

    Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component....

    Affected Products : i-librarian
    • Published: Aug. 12, 2024
    • Modified: Aug. 21, 2024
  • 9.0

    CRITICAL
    CVE-2024-35540

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : typecho
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 5.3

    MEDIUM
    CVE-2024-42369

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in...

    Affected Products : javascript_sdk
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 8.7

    HIGH
    CVE-2024-6378

    A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session....

    Affected Products : 3dexperience
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-8003

    A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The...

    Affected Products : gotribe-admin
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-8005

    A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is p...

    Affected Products : gf_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-30949

    An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function....

    Affected Products : newlib
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-7945

    A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation...

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 8.8

    HIGH
    CVE-2024-7944

    A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is...

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 8.8

    HIGH
    CVE-2024-42577

    A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges....

    Affected Products : warehouse_inventory_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 7.5

    HIGH
    CVE-2024-7841

    A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection....

    • Published: Aug. 15, 2024
    • Modified: Aug. 21, 2024
  • 6.9

    MEDIUM
    CVE-2024-7929

    A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. This affects an unknown part of the file /registration.php of the component Signup Page. The manipulation of the argument username leads to cross s...

    Affected Products : simple_forum_website
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024
  • 8.8

    HIGH
    CVE-2024-7930

    A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql in...

    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024