Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-55601

    Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust... Read more

    Affected Products : hugo
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 8.8

    HIGH
    CVE-2024-50628

    An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-50627

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, poten... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-50626

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized ac... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 8.0

    HIGH
    CVE-2024-50625

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, poten... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 2.7

    LOW
    CVE-2024-12174

    An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.... Read more

    Affected Products : security_center
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 7.5

    HIGH
    CVE-2024-54151

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do an... Read more

    Affected Products : directus
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024

  • 8.4

    HIGH
    CVE-2024-54149

    Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox pl... Read more

    Affected Products : winter
    • Published: Dec. 09, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-46455

    unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 4.2

    MEDIUM
    CVE-2024-12369

    A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization c... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025

  • 9.1

    CRITICAL
    CVE-2024-53441

    An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-54938

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54934

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54932

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54931

    A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2024-54928

    kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2024-54927

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54925

    A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54924

    A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54923

    A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025
Showing 20 of 292275 Results