Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it is on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-50701

    TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin....

    Affected Products : teampass
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 7.2

    HIGH
    CVE-2024-54181

    IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system....

    Affected Products : linux_kernel websphere_automation
    • Published: Dec. 30, 2024
    • Modified: Mar. 28, 2025
  • 9.3

    CRITICAL
    CVE-2024-10044

    A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to explo...

    Affected Products : fastchat
    • Published: Dec. 30, 2024
    • Modified: Jul. 29, 2025
  • 4.8

    MEDIUM
    CVE-2024-12993

    Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the v...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-47926

    Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...

    Affected Products : tcexam
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 7.5

    HIGH
    CVE-2024-47925

    Tecnick TCExam – Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : tcexam
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 7.5

    HIGH
    CVE-2024-47924

    Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 5.3

    MEDIUM
    CVE-2024-47923

    Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products : mashov
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 7.5

    HIGH
    CVE-2024-47922

    Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 8.4

    HIGH
    CVE-2024-47921

    Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 7.5

    HIGH
    CVE-2024-47920

    Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-47919

    Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 6.1

    MEDIUM
    CVE-2024-47918

    Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 7.5

    HIGH
    CVE-2024-47917

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 9.0

    CRITICAL
    CVE-2024-22063

    The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices....

    Affected Products : zenic_one_r58
    • Published: Dec. 30, 2024
    • Modified: Jan. 28, 2025
  • 8.8

    HIGH
    CVE-2024-13039

    A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /add_user.php. The manipulation of the argument name/email/password/number leads to sql inje...

    Affected Products : simple_chat_system
    • Published: Dec. 30, 2024
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-13038

    A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email le...

    Affected Products : simple_loan_management_system
    • Published: Dec. 30, 2024
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-13037

    A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql inj...

    • Published: Dec. 30, 2024
    • Modified: Jan. 06, 2025
  • 7.5

    HIGH
    CVE-2024-13036

    A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/update_room.php. The manipulation of the argument id/name/password leads to sql injection. The attack may ...

    Affected Products : chat_system
    • Published: Dec. 30, 2024
    • Modified: Jan. 06, 2025
  • 9.8

    CRITICAL
    CVE-2024-13035

    A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

    Affected Products : chat_system
    • Published: Dec. 30, 2024
    • Modified: Jan. 06, 2025
Showing 20 of 293612 Results