Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NONE
    CVE-2024-40430

    In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms....
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-37391

    ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss....
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-6271

    The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-6244

    The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-6243

    The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is di...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-5973

    The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have....
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-5529

    The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-5004

    The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-41709

    Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permiss...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-41704

    LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 0.0

    NONE
    CVE-2024-41703

    LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 6.3

    CVSS31
    CVE-2024-6970

    A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch th...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 6.3

    CVSS31
    CVE-2024-6969

    A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sq...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 6.3

    CVSS31
    CVE-2024-6968

    A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /print_patients_visits.php. The manipulation of the argument from/to leads to sql inje...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 6.3

    CVSS31
    CVE-2024-6967

    A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the ar...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 7.3

    CVSS31
    CVE-2024-6966

    A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass lea...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6965

    A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack ca...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6964

    A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possib...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6963

    A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. T...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6962

    A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be ini...
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
Showing 20 of 124 Results