Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-23737

    An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organizati... Read more

    Affected Products : enterprise_server
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 4.3

    MEDIUM
    CVE-2024-1319

    The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed po... Read more

    Affected Products : event_tickets
    • Published: Mar. 04, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54931

    A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-52675

    SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php.... Read more

    • Published: Nov. 19, 2024
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2024-32847

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-20101

    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Iss... Read more

    Affected Products : android mt6985 mt6989 mt6990 mt8183 mt8676 mt8678 mt8755 mt8775 mt8792 +7 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-20103

    In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; I... Read more

    Affected Products : android mt6985 mt6989 mt6990 mt8183 mt8678 mt8796 mt8695 mt3605 mt7927 +4 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 24, 2025

  • 8.4

    HIGH
    CVE-2024-20104

    In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: M... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6878 mt6879 +14 more products
    • Published: Nov. 04, 2024
    • Modified: Apr. 24, 2025

  • 6.7

    MEDIUM
    CVE-2024-20106

    In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV... Read more

    Affected Products : android mt6779 mt6785 mt6853 mt6873 mt6885 mt6739 mt6761 mt6765 mt6768 +4 more products
    • Published: Nov. 04, 2024
    • Modified: Apr. 24, 2025

  • 6.2

    MEDIUM
    CVE-2024-20107

    In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID:... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6878 mt6879 +14 more products
    • Published: Nov. 04, 2024
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2023-51327

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generat... Read more

    Affected Products : cleaning_business_software
    • Published: Feb. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2023-51326

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generat... Read more

    Affected Products : cleaning_business_software
    • Published: Feb. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2023-51315

    PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters.... Read more

    Affected Products : restaurant_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2023-51314

    A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large ... Read more

    Affected Products : restaurant_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2023-51301

    A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large am... Read more

    Affected Products : hotel_booking_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2023-44753

    A stored cross-site scripting (XSS) vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page.... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-44752

    An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php.... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2023-44040

    In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.... Read more

    Affected Products : veridiumad
    • Published: Apr. 03, 2024
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2023-36643

    Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function.... Read more

    Affected Products : tradepro
    • Published: Apr. 04, 2024
    • Modified: Apr. 24, 2025

  • 9.3

    CRITICAL
    CVE-2024-7263

    Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitig... Read more

    Affected Products : wps_office windows
    • Published: Aug. 15, 2024
    • Modified: Apr. 24, 2025
Showing 20 of 293562 Results