Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-53856

    rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 8.8

    HIGH
    CVE-2024-53472

    WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF).... Read more

    Affected Products : wegia
    • Published: Dec. 05, 2024
    • Modified: Apr. 09, 2025

  • 6.1

    MEDIUM
    CVE-2024-53471

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.... Read more

    Affected Products : wegia
    • Published: Dec. 05, 2024
    • Modified: Apr. 09, 2025

  • 6.1

    MEDIUM
    CVE-2024-53470

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.... Read more

    Affected Products : wegia
    • Published: Dec. 05, 2024
    • Modified: Apr. 09, 2025

  • 4.6

    MEDIUM
    CVE-2024-12247

    Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-12232

    A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. ... Read more

    Affected Products : simple_crud_functionality
    • Published: Dec. 05, 2024
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-12231

    A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the atta... Read more

    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 5.9

    MEDIUM
    CVE-2024-10716

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.... Read more

    Affected Products : infinity
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-12230

    A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sq... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-12229

    A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql inject... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 5.9

    MEDIUM
    CVE-2024-11942

    A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.... Read more

    Affected Products : drupal
    • Published: Dec. 05, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2024-11941

    A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.... Read more

    Affected Products : drupal
    • Published: Dec. 05, 2024
    • Modified: Jun. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-54679

    CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 06, 2024

  • 8.1

    HIGH
    CVE-2024-53703

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.... Read more

    Affected Products : sma100_firmware
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 5.3

    MEDIUM
    CVE-2024-53702

    Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.... Read more

    Affected Products : sma100_firmware
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 8.2

    HIGH
    CVE-2024-52271

    User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): ... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 6.3

    MEDIUM
    CVE-2024-45319

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.... Read more

    Affected Products : sma100_firmware
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 8.1

    HIGH
    CVE-2024-45318

    A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.... Read more

    Affected Products : sma100_firmware
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 7.5

    HIGH
    CVE-2024-40763

    Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.... Read more

    Affected Products : sma100_firmware
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-12228

    A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to laun... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024
Showing 20 of 291906 Results