Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2024-45594

    Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.... Read more

    Affected Products : decidim
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-8049

    In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process un... Read more

    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.1

    HIGH
    CVE-2024-7295

    In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.... Read more

    Affected Products : telerik_report_server
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-52306

    FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.... Read more

    Affected Products : filemanager
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-52305

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can ... Read more

    Affected Products : unopim
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 9.0

    CRITICAL
    CVE-2024-52300

    macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the ... Read more

    Affected Products : pdf_viewer_macro
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-52299

    macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the ... Read more

    Affected Products : pdf_viewer_macro
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-52298

    macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the att... Read more

    Affected Products : pdf_viewer_macro
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-52295

    DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2... Read more

    Affected Products : dataease
    • Published: Nov. 13, 2024
    • Modified: Feb. 20, 2025

  • 7.2

    HIGH
    CVE-2024-52293

    Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulner... Read more

    Affected Products : craft_cms
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 7.2

    HIGH
    CVE-2024-50972

    A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.... Read more

    Affected Products : construction_management_system
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-50971

    A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.... Read more

    Affected Products : construction_management_system
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-50970

    A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : online_furniture_shopping_project
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-50969

    A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.... Read more

    Affected Products : jonnys_liquor
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-11175

    A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may... Read more

    Affected Products : publiccms
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-10013

    In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.... Read more

    • Published: Nov. 13, 2024
    • Modified: Jul. 03, 2025

  • 7.8

    HIGH
    CVE-2024-10012

    In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.... Read more

    Affected Products : ui_for_wpf
    • Published: Nov. 13, 2024
    • Modified: Jan. 07, 2025

  • 6.1

    MEDIUM
    CVE-2024-9477

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted... Read more

    Affected Products : air4443_firmware air4443
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-50854

    Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.... Read more

    Affected Products : g3_firmware g3_firmware g3
    • Published: Nov. 13, 2024
    • Modified: Mar. 14, 2025

  • 8.8

    HIGH
    CVE-2024-50853

    Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.... Read more

    Affected Products : g3_firmware g3
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results