Latest CVE Feed
-
7.5
HIGH CVE-2023-7005
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field....
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Dec. 20, 2024
-
9.8
CRITICAL CVE-2024-55081
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input....
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Jan. 02, 2025
-
6.2
MEDIUM CVE-2024-52896
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned....
- Published: Dec. 19, 2024
- Modified: Aug. 19, 2025
-
2.4
LOW CVE-2024-12801
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Jan. 03, 2025
-
8.2
HIGH CVE-2024-12790
A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross-site scripting. The attack can be initiated r...
- Affected Products: hostel_management_system
- Published: Dec. 19, 2024
- Modified: Dec. 19, 2024
-
9.8
CRITICAL CVE-2024-12789
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initi...
- Affected Products: pbootcms
- Published: Dec. 19, 2024
- Modified: Jan. 10, 2025
-
9.8
CRITICAL CVE-2024-12788
A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to SQL injection. The attack ...
- Affected Products: technical_discussion_forum
- Published: Dec. 19, 2024
- Modified: Jan. 10, 2025
-
5.3
MEDIUM CVE-2021-22501
Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. The vulnerability could be exploited to confidential information This issue affects Operations Bridge Manager: 20...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Dec. 19, 2024
-
8.6
HIGH CVE-2024-9154
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633)....
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Dec. 22, 2024
-
7.5
HIGH CVE-2024-55082
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request....
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Jan. 02, 2025
-
4.8
MEDIUM CVE-2024-38864
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data....
- Published: Dec. 19, 2024
- Modified: Aug. 25, 2025
-
5.9
MEDIUM CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration f...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Jan. 03, 2025
-
9.8
CRITICAL CVE-2024-12787
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument...
- Affected Products: attendance_tracking_management_system
- Published: Dec. 19, 2024
- Modified: Jan. 10, 2025
-
7.5
HIGH CVE-2024-54790
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter....
- Affected Products: pre-school_enrollment_system
- Published: Dec. 19, 2024
- Modified: Mar. 27, 2025
-
8.8
HIGH CVE-2024-47093
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS...
- Affected Products: nagvis
- Published: Dec. 19, 2024
- Modified: Aug. 21, 2025
-
8.8
HIGH CVE-2024-25131
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to ...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Dec. 19, 2024
-
8.5
HIGH CVE-2024-12786
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipul...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Dec. 19, 2024
-
8.8
HIGH CVE-2024-12785
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to SQL injection. The...
- Published: Dec. 19, 2024
- Modified: Feb. 07, 2025
-
5.0
MEDIUM CVE-2024-9102
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a comman...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Apr. 16, 2025
-
2.1
LOW CVE-2024-9101
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is un...
- Affected Products:
- Published: Dec. 19, 2024
- Modified: Dec. 19, 2024