Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-53357

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updateali...

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-53356

    Weak JWT Secret vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret pose...

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2024-53355

    Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatea...

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-53354

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter para...

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-0934

    A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of the argument n leads to sql injection. It is possible to ...

    Affected Products : job_recruitment
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-0938

    The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFu...

    Affected Products : python
    • Published: Jan. 31, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2025-23001

    A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, o...

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-22957

    A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitiv...

    Affected Products : zzcms
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2024-57432

    macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible to fo...

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-53584

    OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.

    Affected Products : openpanel
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2024-49349

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the ...

    • Published: Jan. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2024-49339

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the ...

    • Published: Jan. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-47857

    SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "acc...

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2024-42671

    A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities.

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Misconfiguration
  • 9.3

    CRITICAL
    CVE-2025-23215

    PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys is included in a jar published to Maven Central. The private key itself is not known to have been compromised, but given its pa...

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Cryptography
  • 6.1

    MEDIUM
    CVE-2025-22994

    O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings.

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-53582

    An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.

    Affected Products : openpanel
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2024-53537

    An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Mar. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-53320

    Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-53319

    A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters.

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291258 Results