Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-51151

    D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-52765

    H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.... Read more

    Affected Products : gr-1800ax_firmware gr-1800ax
    • Published: Nov. 20, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-52702

    A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter.... Read more

    Affected Products : mybb
    • Published: Nov. 20, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-52701

    A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.... Read more

    Affected Products : piwigo
    • Published: Nov. 20, 2024
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-52677

    HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.... Read more

    Affected Products : hkcms
    • Published: Nov. 20, 2024
    • Modified: Mar. 13, 2025

  • 8.2

    HIGH
    CVE-2024-52581

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the... Read more

    Affected Products : litestar
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 0.0

    NA
    CVE-2024-49203

    Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query c... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Feb. 21, 2025

  • 7.5

    HIGH
    CVE-2024-48986

    An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-48984

    An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calcula... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48982

    An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that th... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48536

    Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-48535

    A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-48534

    A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-48533

    A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-48531

    A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2024-48530

    An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Dec. 03, 2024

  • 4.9

    MEDIUM
    CVE-2024-52757

    D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 20, 2024
    • Modified: Nov. 22, 2024

  • 4.9

    MEDIUM
    CVE-2024-52754

    D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 20, 2024
    • Modified: Nov. 22, 2024

  • 7.5

    HIGH
    CVE-2024-48985

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of wh... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48983

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of ... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024
Showing 20 of 291222 Results