Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11257

    A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11256

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may ... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-10934

    In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.... Read more

    Affected Products : openbsd openbsd
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 4.4

    MEDIUM
    CVE-2024-51330

    An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-co... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-51142

    Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.... Read more

    Affected Products : chamilo_lms
    • Published: Nov. 15, 2024
    • Modified: Apr. 18, 2025

  • 7.8

    HIGH
    CVE-2024-51141

    An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.... Read more

    Affected Products : a6000ub_firmware a6000ub
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-51037

    An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-45971

    Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-45970

    Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-45969

    NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-45608

    GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-43418

    GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-43417

    GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 8.8

    HIGH
    CVE-2024-41679

    GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-24446

    An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-24431

    A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.... Read more

    Affected Products : open5gs
    • Published: Nov. 15, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-24426

    Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Dec. 03, 2024

  • 6.5

    MEDIUM
    CVE-2024-24425

    Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 4.6

    MEDIUM
    CVE-2024-23169

    The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-52522

    Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ow... Read more

    Affected Products : rclone
    • Published: Nov. 15, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results