Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-45761

    Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to th...

    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025
  • 8.8

    HIGH
    CVE-2024-45760

    Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with ele...

    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025
  • 4.8

    MEDIUM
    CVE-2023-43962

    Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab.

    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024
  • 9.8

    CRITICAL
    CVE-2022-38946

    Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.

    Affected Products : doctor-appointment
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025
  • 9.1

    CRITICAL
    CVE-2024-40583

    Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

    Affected Products : curovms
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025
  • 7.5

    HIGH
    CVE-2024-40582

    Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.

    Affected Products : curovms
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-38947

    SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.

    Affected Products : flipkart-clone-php
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-54920

    A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id par...

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Mar. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-54919

    A Stored Cross Site Scripting (XSS) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter.

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024
  • 6.5

    MEDIUM
    CVE-2024-49603

    Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.

    Affected Products : powerscale_onefs
    • Published: Dec. 09, 2024
    • Modified: Jan. 09, 2025
  • 6.5

    MEDIUM
    CVE-2024-49602

    Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

    Affected Products : powerscale_onefs
    • Published: Dec. 09, 2024
    • Modified: Jan. 09, 2025
  • 7.8

    HIGH
    CVE-2024-49600

    Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

    Affected Products : power_manager
    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025
  • 6.5

    MEDIUM
    CVE-2024-42426

    Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.

    Affected Products : powerscale_onefs
    • Published: Dec. 09, 2024
    • Modified: Jan. 08, 2025
  • 4.3

    MEDIUM
    CVE-2024-38485

    Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that lead to sensitive information leakage.

    Affected Products : elastic_cloud_storage
    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025
  • 5.6

    MEDIUM
    CVE-2024-11991

    Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. Ho...

    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024
  • 8.8

    HIGH
    CVE-2023-7298

    A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of th...

    Affected Products : fbx_software_development_kit
    • Published: Dec. 09, 2024
    • Modified: Aug. 18, 2025
  • 9.8

    CRITICAL
    CVE-2024-8259

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: thr...

    • Published: Dec. 09, 2024
    • Modified: Dec. 13, 2024
  • 5.3

    MEDIUM
    CVE-2024-54937

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Mar. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-54936

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024
  • 7.2

    HIGH
    CVE-2024-54929

    KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Mar. 18, 2025