Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2021-1491

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file ...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 6.5

    MEDIUM
    CVE-2021-1484

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper inpu...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 6.4

    MEDIUM
    CVE-2021-1483

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML Ext...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 6.4

    MEDIUM
    CVE-2021-1482

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability ...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 4.3

    MEDIUM
    CVE-2021-1481

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient ...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 4.9

    MEDIUM
    CVE-2021-1470

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQ...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Jun. 24, 2025
  • 5.4

    MEDIUM
    CVE-2021-1466

    A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 5.0

    MEDIUM
    CVE-2021-1464

    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the ...

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2024-52555

    In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

    Affected Products : webstorm
    • Published: Nov. 15, 2024
    • Modified: Jan. 31, 2025
  • 5.4

    MEDIUM
    CVE-2024-52526

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter ...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-51497

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when c...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-51496

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vul...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-51495

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when e...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-51494

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing ...

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024
  • 9.1

    CRITICAL
    CVE-2024-51164

    Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB....

    Affected Products : jepaas
    • Published: Nov. 15, 2024
    • Modified: Jun. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-50724

    KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp....

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Dec. 03, 2024
  • 6.3

    MEDIUM
    CVE-2024-50652

    A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function....

    Affected Products : java_shop
    • Published: Nov. 15, 2024
    • Modified: Nov. 22, 2024
  • 6.5

    MEDIUM
    CVE-2024-50651

    java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter....

    Affected Products : java_shop
    • Published: Nov. 15, 2024
    • Modified: Nov. 27, 2024
  • 7.5

    HIGH
    CVE-2024-50650

    python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter....

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-50649

    The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability....

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 291728 Results