Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-56710

    In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked and pages remain pinned if ceph_alloc_sparse_ext_map() fails. T... Read more

    Affected Products : linux_kernel
    • Published: Dec. 29, 2024
    • Modified: Apr. 17, 2025

  • 0.0

    NA
    CVE-2024-56709

    In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback pat... Read more

    Affected Products : linux_kernel
    • Published: Dec. 29, 2024
    • Modified: Dec. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-13007

    A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the att... Read more

    Affected Products : event_management_system
    • Published: Dec. 29, 2024
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-13006

    A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injecti... Read more

    Affected Products : human_resource_management_system
    • Published: Dec. 29, 2024
    • Modified: Dec. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-13005

    A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/attendance_action.php. The manipulation of the argument attendance_id leads to sql inje... Read more

    • Published: Dec. 29, 2024
    • Modified: Mar. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-56738

    GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.... Read more

    Affected Products : grub2
    • Published: Dec. 29, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-56737

    GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.... Read more

    Affected Products : grub2
    • Published: Dec. 29, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-13004

    A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possible to initiate th... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 29, 2024
    • Modified: Dec. 29, 2024

  • 7.5

    HIGH
    CVE-2018-25107

    The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits.... Read more

    Affected Products :
    • Published: Dec. 29, 2024
    • Modified: Dec. 31, 2024

  • 6.3

    MEDIUM
    CVE-2024-12238

    The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does ... Read more

    Affected Products : ninja_forms
    • Published: Dec. 29, 2024
    • Modified: Apr. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-13003

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. T... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 29, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-13002

    A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /order_process.php. The manipulation of the argument fnm leads to sql inje... Read more

    Affected Products : bookstore_management_system
    • Published: Dec. 29, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-13001

    A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack rem... Read more

    Affected Products : small_crm
    • Published: Dec. 29, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-13000

    A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remo... Read more

    Affected Products : small_crm
    • Published: Dec. 29, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-12999

    A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remote... Read more

    Affected Products : small_crm
    • Published: Dec. 29, 2024
    • Modified: Feb. 18, 2025

  • 6.9

    MEDIUM
    CVE-2024-12998

    A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It i... Read more

    Affected Products : online_car_rental_system
    • Published: Dec. 28, 2024
    • Modified: Mar. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-56512

    Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include bindin... Read more

    Affected Products : nifi
    • Published: Dec. 28, 2024
    • Modified: Feb. 11, 2025

  • 5.3

    MEDIUM
    CVE-2024-12995

    A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads... Read more

    Affected Products : rebuild
    • Published: Dec. 28, 2024
    • Modified: Dec. 28, 2024

  • 6.5

    MEDIUM
    CVE-2024-12994

    A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file /import of the component File Upload. The manipulation of the argument file leads to deserializa... Read more

    Affected Products :
    • Published: Dec. 28, 2024
    • Modified: Dec. 28, 2024

  • 7.8

    HIGH
    CVE-2024-56708

    In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In ige... Read more

    Affected Products : linux_kernel
    • Published: Dec. 28, 2024
    • Modified: Jan. 08, 2025
Showing 20 of 293613 Results