Latest CVE Feed
- 9.8 CRITICAL CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the foll...
- Published: Aug. 06, 2024
- Modified: Aug. 15, 2024
- 7.1 HIGH CVE-2024-33981
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '...
- Published: Aug. 06, 2024
- Modified: Aug. 15, 2024
- 7.1 HIGH CVE-2024-33980
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '...
- Published: Aug. 06, 2024
- Modified: Aug. 15, 2024
- 7.1 HIGH CVE-2024-33979
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'depar...
- Published: Aug. 06, 2024
- Modified: Aug. 15, 2024
- 10.0 CRITICAL CVE-2024-42479
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.
Affected Products: llama.cpp
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 9.8 CRITICAL CVE-2024-42478
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561.
Affected Products: llama.cpp
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 7.5 HIGH CVE-2024-42477
llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.
Affected Products: llama.cpp
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 6.1 MEDIUM CVE-2024-40484
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
Affected Products: old_age_home_management_system
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 6.1 MEDIUM CVE-2024-40481
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter.
Affected Products: old_age_home_management_system
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 8.8 HIGH CVE-2024-40476
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as ...
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 8.8 HIGH CVE-2024-40475
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php.
Affected Products: best_house_rental_management_system
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 8.8 HIGH CVE-2024-40474
A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0.
Affected Products: best_house_rental_management_system
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 9.8 CRITICAL CVE-2024-40472
SourceCodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php".
Affected Products: daily_calories_monitoring_tool
- Published: Aug. 12, 2024
- Modified: Aug. 15, 2024
- 9.8 CRITICAL CVE-2024-7462
A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to init...
- Published: Aug. 05, 2024
- Modified: Aug. 15, 2024
- 9.8 CRITICAL CVE-2024-7463
A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be ini...
- Published: Aug. 05, 2024
- Modified: Aug. 15, 2024
- 9.8 CRITICAL CVE-2024-7464
A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The att...
- Published: Aug. 05, 2024
- Modified: Aug. 15, 2024
- 9.8 CRITICAL CVE-2024-7465
A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible ...
- Published: Aug. 05, 2024
- Modified: Aug. 15, 2024
- 8.8 HIGH CVE-2024-40465
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file.
Affected Products: beego
- Published: Jul. 31, 2024
- Modified: Aug. 15, 2024
- 8.8 HIGH CVE-2024-40464
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file.
Affected Products: beego
- Published: Jul. 31, 2024
- Modified: Aug. 15, 2024
- 5.3 MEDIUM CVE-2024-7411
The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due to the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it ...
Affected Products: newsletters
- Published: Aug. 15, 2024
- Modified: Aug. 15, 2024