Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-54004

    Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.... Read more

    Affected Products : filesystem_list_parameter
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-54003

    Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.8

    MEDIUM
    CVE-2024-51228

    An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302R... Read more

    • Published: Nov. 27, 2024
    • Modified: Nov. 29, 2024

  • 4.2

    MEDIUM
    CVE-2024-37816

    Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-31976

    EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-21703

    This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated ... Read more

    • Published: Nov. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.9

    MEDIUM
    CVE-2024-11860

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the ... Read more

    • Published: Nov. 27, 2024
    • Modified: Dec. 04, 2024

  • 7.8

    HIGH
    CVE-2024-53920

    In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsa... Read more

    Affected Products : emacs
    • Published: Nov. 27, 2024
    • Modified: Apr. 30, 2025

  • 8.0

    HIGH
    CVE-2024-52951

    Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Re... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 4.8

    MEDIUM
    CVE-2024-46055

    OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-46054

    OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025

  • 5.1

    MEDIUM
    CVE-2024-11862

    Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 4.8

    MEDIUM
    CVE-2024-53635

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-53604

    A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Mar. 27, 2025

  • 7.3

    HIGH
    CVE-2024-53603

    A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Mar. 27, 2025

  • 2.7

    LOW
    CVE-2024-36464

    When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 2.7

    LOW
    CVE-2024-42333

    The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.7

    LOW
    CVE-2024-42332

    The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to ... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.3

    LOW
    CVE-2024-42331

    In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A u... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 9.1

    CRITICAL
    CVE-2024-42330

    The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. Th... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 291395 Results