Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-31911

    Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-31294

    An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3152

    A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack re... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2021-46027

    mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added... Read more

    Affected Products : mysiteforme mysiteforme
    • Published: Jan. 19, 2022
    • Modified: Apr. 22, 2025

  • 10.0

    HIGH
    CVE-2013-4813

    The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2013-4809

    Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3150

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\manage_post.php. The manipulation of the argument id leads to sql ... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2023-3144

    A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cro... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2024-25854

    Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.... Read more

    Affected Products : insurance_management_system
    • Published: Mar. 11, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-50609

    An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length ... Read more

    Affected Products : fluent_bit
    • Published: Feb. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-2155

    A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be in... Read more

    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2024-49744

    In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-49742

    In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privi... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-49738

    In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-49737

    In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privi... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-49736

    In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-49735

    In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-49734

    In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no a... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-49733

    In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interac... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-49732

    In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges need... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization
Showing 20 of 293522 Results