Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-50715

    An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component.... Read more

    Affected Products : smart_agent
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-50713

    SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.... Read more

    Affected Products : smart_agent
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 9.3

    CRITICAL
    CVE-2024-56732

    HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.... Read more

    Affected Products : harfbuzz
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 5.3

    MEDIUM
    CVE-2024-54454

    An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attack... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 31, 2024

  • 7.5

    HIGH
    CVE-2024-54453

    An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web applicati... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 31, 2024

  • 4.9

    MEDIUM
    CVE-2024-54452

    An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the ... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 4.8

    MEDIUM
    CVE-2024-54451

    A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject a... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 9.4

    CRITICAL
    CVE-2024-54450

    An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that ... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 7.5

    HIGH
    CVE-2024-39025

    Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 31, 2024

  • 5.3

    MEDIUM
    CVE-2024-12991

    A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 27, 2024

  • 5.9

    MEDIUM
    CVE-2024-53476

    A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead ... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 7.5

    HIGH
    CVE-2024-50945

    An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-50944

    Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 5.3

    MEDIUM
    CVE-2024-12990

    A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input h... Read more

    Affected Products : rebuild
    • Published: Dec. 27, 2024
    • Modified: Dec. 27, 2024

  • 6.9

    MEDIUM
    CVE-2024-12989

    A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may ... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 27, 2024

  • 7.5

    HIGH
    CVE-2024-12988

    A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow... Read more

    • Published: Dec. 27, 2024
    • Modified: May. 28, 2025

  • 8.6

    HIGH
    CVE-2024-56509

    changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. The... Read more

    Affected Products : changedetection
    • Published: Dec. 27, 2024
    • Modified: Dec. 27, 2024

  • 7.6

    HIGH
    CVE-2024-56508

    LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containi... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 27, 2024

  • 4.6

    MEDIUM
    CVE-2024-56507

    LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is n... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-12987

    A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the ... Read more

    • Actively Exploited
    • Published: Dec. 27, 2024
    • Modified: May. 16, 2025
Showing 20 of 293643 Results