Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-56527

    An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 17, 2025

  • 5.1

    MEDIUM
    CVE-2024-12982

    A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Addr... Read more

    • Published: Dec. 27, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-12981

    A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to s... Read more

    Affected Products : car_rental_system
    • Published: Dec. 27, 2024
    • Modified: Mar. 05, 2025

  • 4.8

    MEDIUM
    CVE-2024-11921

    The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : givewp
    • Published: Dec. 27, 2024
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-11842

    The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    • Published: Dec. 27, 2024
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-11645

    The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : float_block
    • Published: Dec. 27, 2024
    • Modified: Jun. 12, 2025

  • 5.9

    MEDIUM
    CVE-2024-11644

    The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : wp-svg
    • Published: Dec. 27, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-11605

    The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : wp-publications
    • Published: Dec. 27, 2024
    • Modified: Jun. 12, 2025

  • 7.5

    HIGH
    CVE-2024-56522

    An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-56521

    An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 7.3

    HIGH
    CVE-2024-56520

    An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.... Read more

    Affected Products : tcpdf tcpdf
    • Published: Dec. 27, 2024
    • Modified: Jan. 02, 2025

  • 7.5

    HIGH
    CVE-2024-56519

    An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 6.9

    MEDIUM
    CVE-2024-12980

    A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It i... Read more

    Affected Products : job_recruitment
    • Published: Dec. 27, 2024
    • Modified: Feb. 18, 2025

  • 6.9

    MEDIUM
    CVE-2024-12979

    A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack ma... Read more

    Affected Products : job_recruitment
    • Published: Dec. 27, 2024
    • Modified: Feb. 18, 2025

  • 7.5

    HIGH
    CVE-2024-12978

    A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The atta... Read more

    Affected Products : job_recruitment
    • Published: Dec. 27, 2024
    • Modified: Feb. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-9774

    A vulnerability was found in python-sql where unary operators do not escape non-Expression.... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-12977

    A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiat... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 27, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-12976

    A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The att... Read more

    • Published: Dec. 27, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-12969

    A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument u... Read more

    • Published: Dec. 26, 2024
    • Modified: Mar. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-56361

    LGSL (Live Game Server List) provides online status for games. Before 7.0.0, a stored cross-site scripting (XSS) vulnerability was identified in lgsl. The function lgsl_query_40 in lgsl_protocol.php has implemented an HTTP crawler. This function makes a r... Read more

    Affected Products :
    • Published: Dec. 26, 2024
    • Modified: Dec. 27, 2024
Showing 20 of 294503 Results