Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-28025

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H...

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
  • 9.8

    CRITICAL
    CVE-2024-21855

    A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability....

    Affected Products : gocast
    • Published: Nov. 21, 2024
    • Modified: Dec. 20, 2024
  • 7.2

    HIGH
    CVE-2024-21786

    An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HT...

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Dec. 18, 2024
  • 9.8

    CRITICAL
    CVE-2024-11592

    A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. Th...

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 21, 2024
    • Modified: Dec. 10, 2024
  • 5.5

    MEDIUM
    CVE-2024-7130

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kion Computer KION Exchange Programs Software allows Reflected XSS. This issue affects KION Exchange Programs Software: before 1.21.9092.29966....

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 25, 2024
  • 7.5

    HIGH
    CVE-2024-7026

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection. This issue affects Closed Circuit Vehicle Trackin...

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Jan. 09, 2025
  • 6.2

    MEDIUM
    CVE-2024-53426

    A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function....

    Affected Products : ntopng
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024
  • 6.2

    MEDIUM
    CVE-2024-53425

    A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash....

    Affected Products : assimp
    • Published: Nov. 21, 2024
    • Modified: Jun. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-11591

    A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument sername leads to sql injection. It is po...

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 21, 2024
    • Modified: Dec. 10, 2024
  • 5.3

    MEDIUM
    CVE-2024-11089

    The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensit...

    Affected Products : anonymous_restricted_content
    • Published: Nov. 21, 2024
    • Modified: Jul. 07, 2025
  • 7.5

    HIGH
    CVE-2024-11088

    The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data fr...

    Affected Products : simple_membership
    • Published: Nov. 21, 2024
    • Modified: Apr. 05, 2025
  • 7.5

    HIGH
    CVE-2024-7016

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor allows Stored XSS. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early ab...

    Affected Products : smart_doctor
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-11590

    A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forget_password_process.php. The manipulation of the argument unm leads t...

    Affected Products : bookstore_management_system
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024
  • 8.8

    HIGH
    CVE-2024-11589

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /expcatedit.php. The manipulation of the argument id leads to sql injection. The attac...

    Affected Products : tailoring_management_system
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024
  • 7.5

    HIGH
    CVE-2024-11588

    A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference....

    Affected Products : libdoip
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024
  • 6.1

    MEDIUM
    CVE-2024-11587

    A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiat...

    Affected Products : idccms
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024
  • 6.4

    MEDIUM
    CVE-2024-9851

    The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

    Affected Products : lsx_tour_operator
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024
  • 4.1

    MEDIUM
    CVE-2024-9828

    The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...

    Affected Products : taskbuilder
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025
  • 4.8

    MEDIUM
    CVE-2024-9768

    The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

    Affected Products : formidable_forms
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024
  • 4.8

    MEDIUM
    CVE-2024-9600

    The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks....

    Affected Products : ditty
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025
Showing 20 of 291209 Results