Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-13209

    A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Managem...

    Affected Products : redaxo
    • Published: Jan. 09, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.5

    HIGH
    CVE-2024-13206

    A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch ...

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2024-13205

    A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argu...

    Affected Products : e-commerce-php
    • Published: Jan. 09, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.0

    HIGH
    CVE-2024-13204

    A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. Th...

    Affected Products : e-commerce-php
    • Published: Jan. 09, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 6.9

    MEDIUM
    CVE-2024-13203

    A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was cont...

    Affected Products : e-commerce-php
    • Published: Jan. 09, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2024-13202

    A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Hand...

    Affected Products : springboot-blog
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2024-13201

    A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attach...

    Affected Products : springboot-blog
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2024-13200

    A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. ...

    Affected Products : springboot-blog
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases....

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal
  • 8.1

    HIGH
    CVE-2024-27980

    Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled....

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2024-13199

    A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scr...

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2024-13198

    A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The c...

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
  • 5.5

    MEDIUM
    CVE-2023-38037

    ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the c...

    Affected Products : activesupport
    • Published: Jan. 09, 2025
    • Modified: Feb. 15, 2025
    • Vuln Type: Information Disclosure
  • 4.0

    MEDIUM
    CVE-2023-28362

    The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Lo...

    Affected Products : actionpack
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2023-28120

    There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input....

    Affected Products : activesupport
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2023-27539

    There is a denial of service vulnerability in the header parsing component of Rack....

    Affected Products : rack rack
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2023-27531

    There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code...

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration
  • 6.3

    MEDIUM
    CVE-2023-23913

    There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the ...

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-13197

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads t...

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-13196

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulatio...

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting