Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-48180

    ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code.

    Affected Products : classcms
    • Published: Oct. 16, 2024
    • Modified: Apr. 28, 2025
  • 7.5

    HIGH
    CVE-2024-33865

    An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID} endpoints.

    Affected Products : windows linqi
    • Published: May. 14, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-33863

    An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.

    Affected Products : windows linqi
    • Published: May. 14, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-30355

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-46101

    GDidees CMS <= v3.9.1 has a file upload vulnerability.

    Affected Products : gdidees_cms
    • Published: Sep. 20, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-47218

    An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.

    Affected Products : nebulagraph_database
    • Published: Sep. 22, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-47219

    An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection.

    • Published: Sep. 22, 2024
    • Modified: Apr. 28, 2025
  • 8.0

    HIGH
    CVE-2024-46084

    Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-46082

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 8.0

    HIGH
    CVE-2024-46080

    Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-46083

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is importa...

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 6.1

    MEDIUM
    CVE-2024-46079

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-46081

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to v...

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 7.4

    HIGH
    CVE-2025-21591

    A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to ...

    Affected Products : junos
    • Published: Apr. 09, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2024-55516

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading...

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-55515

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded.

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025
  • 6.3

    MEDIUM
    CVE-2024-55514

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to u...

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025
  • 9.1

    CRITICAL
    CVE-2024-55513

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading ...

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-29507

    Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.

    Affected Products : ghostscript
    • Published: Jul. 03, 2024
    • Modified: Apr. 28, 2025
  • 6.3

    MEDIUM
    CVE-2024-29510

    Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

    Affected Products : ghostscript
    • Published: Jul. 03, 2024
    • Modified: Apr. 28, 2025
Showing 20 of 291736 Results