Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-55633

    Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgr... Read more

    Affected Products : superset
    • Published: Dec. 12, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-54842

    A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Dec. 12, 2024
    • Modified: Apr. 03, 2025

  • 9.2

    CRITICAL
    CVE-2024-21575

    ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files ... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.4

    MEDIUM
    CVE-2024-50584

    An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection at... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 8.4

    HIGH
    CVE-2024-28146

    The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-28145

    An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be perfo... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-28144

    An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 8.4

    HIGH
    CVE-2024-28143

    The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 6.2

    MEDIUM
    CVE-2024-54122

    Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 14, 2025

  • 7.5

    HIGH
    CVE-2024-54119

    Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 14, 2025

  • 4.7

    MEDIUM
    CVE-2024-47947

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users P... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.7

    MEDIUM
    CVE-2024-36498

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users P... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.7

    MEDIUM
    CVE-2024-36494

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser pa... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.7

    MEDIUM
    CVE-2024-28142

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the "file name... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.4

    MEDIUM
    CVE-2024-12271

    The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authent... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 6.4

    MEDIUM
    CVE-2024-9387

    An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-9367

    An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) co... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-8647

    An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was ena... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 7.5

    HIGH
    CVE-2024-8233

    An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-8179

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
Showing 20 of 293302 Results