Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11818

    A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possib... Read more

    • Published: Nov. 27, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-11817

    A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username l... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 03, 2024

  • 7.5

    HIGH
    CVE-2024-53675

    An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-53674

    An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-53673

    A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-11622

    An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-50942

    qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 5.7

    MEDIUM
    CVE-2024-43784

    lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username a... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-11745

    A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The... Read more

    Affected Products : ac8_firmware ac8
    • Published: Nov. 26, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-11744

    A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql inject... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 26, 2024
    • Modified: Dec. 03, 2024

  • 7.4

    HIGH
    CVE-2024-8676

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod reques... Read more

    Affected Products : openshift_container_platform
    • Published: Nov. 26, 2024
    • Modified: Jul. 02, 2025

  • 7.6

    HIGH
    CVE-2024-49053

    Microsoft Dynamics 365 Sales Spoofing Vulnerability... Read more

    Affected Products : dynamics_365 dynamics_365_sales
    • Published: Nov. 26, 2024
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-49052

    Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_functions
    • Published: Nov. 26, 2024
    • Modified: Feb. 05, 2025

  • 9.6

    CRITICAL
    CVE-2024-49038

    Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.... Read more

    Affected Products : copilot_studio
    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-49035

    An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.... Read more

    Affected Products : partner_center
    • Actively Exploited
    • Published: Nov. 26, 2024
    • Modified: Feb. 27, 2025

  • 6.9

    MEDIUM
    CVE-2024-11743

    A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulat... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-11742

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument la... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-11145

    Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-10240

    An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some infor... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 13, 2024

  • 9.0

    CRITICAL
    CVE-2019-17082

    Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login ... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Dec. 17, 2024
Showing 20 of 291712 Results