Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-55058

    An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw ... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-55057

    Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-55056

    A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-12539

    An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Dec. 17, 2024
    • Modified: Feb. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-11993

    Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field... Read more

    • Published: Dec. 17, 2024
    • Modified: Mar. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-55516

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-55515

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded.... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-55514

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to u... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-55513

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading ... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 7.3

    HIGH
    CVE-2024-49194

    Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could pote... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Jul. 02, 2025

  • 6.9

    MEDIUM
    CVE-2024-56139

    pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid u... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    HIGH
    CVE-2024-51479

    Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly unde... Read more

    Affected Products : next.js
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 9.1

    CRITICAL
    CVE-2024-55496

    A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.... Read more

    Affected Products : bookstore_management_system
    • Published: Dec. 17, 2024
    • Modified: May. 02, 2025

  • 9.1

    CRITICAL
    CVE-2024-54662

    Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 18, 2024

  • 3.7

    LOW
    CVE-2024-49820

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability t... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 10, 2025

  • 7.5

    HIGH
    CVE-2024-49819

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-49818

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks ... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 07, 2025

  • 4.4

    MEDIUM
    CVE-2024-49817

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 07, 2025

  • 4.9

    MEDIUM
    CVE-2024-49816

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 07, 2025

  • 3.1

    LOW
    CVE-2024-42194

    An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
Showing 20 of 292897 Results