Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-55082

    A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request....

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 02, 2025
  • 4.8

    MEDIUM
    CVE-2024-38864

    Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allow a local attacker to read sensitive data....

    Affected Products : checkmk windows checkmk
    • Published: Dec. 19, 2024
    • Modified: Aug. 25, 2025
  • 5.9

    MEDIUM
    CVE-2024-12798

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration f...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-12787

    A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument...

    • Published: Dec. 19, 2024
    • Modified: Jan. 10, 2025
  • 7.5

    HIGH
    CVE-2024-54790

    A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter....

    Affected Products : pre-school_enrollment_system
    • Published: Dec. 19, 2024
    • Modified: Mar. 27, 2025
  • 8.8

    HIGH
    CVE-2024-47093

    Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS...

    Affected Products : nagvis
    • Published: Dec. 19, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-25131

    A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to ...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 8.5

    HIGH
    CVE-2024-12786

    A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipul...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 8.8

    HIGH
    CVE-2024-12785

    A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The...

    • Published: Dec. 19, 2024
    • Modified: Feb. 07, 2025
  • 5.0

    MEDIUM
    CVE-2024-9102

    phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a comman...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Apr. 16, 2025
  • 2.1

    LOW
    CVE-2024-9101

    A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is un...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-12784

    A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the...

    Affected Products : vehicle_management_system
    • Published: Dec. 19, 2024
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-10244

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6....

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 9.8

    CRITICAL
    CVE-2021-26102

    A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configur...

    Affected Products : fortiwan
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-12783

    A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The a...

    • Published: Dec. 19, 2024
    • Modified: Jan. 10, 2025
  • 7.5

    HIGH
    CVE-2024-12782

    A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface....

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Feb. 28, 2025
  • 9.8

    CRITICAL
    CVE-2021-32589

    A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and F...

    • Published: Dec. 19, 2024
    • Modified: Jan. 31, 2025
  • 5.5

    MEDIUM
    CVE-2024-45819

    PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space t...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 31, 2024
  • 6.5

    MEDIUM
    CVE-2024-45818

    The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. Th...

    Affected Products : xen
    • Published: Dec. 19, 2024
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2024-37962

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS. This issue affects Fusion: from n/a through 1.6.1....

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 293365 Results