Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-51488

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowi... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.1

    HIGH
    CVE-2024-51487

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF at... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.4

    HIGH
    CVE-2024-51486

    Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the i... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2024-51485

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF at... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.1

    HIGH
    CVE-2024-51484

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSR... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 4.8

    MEDIUM
    CVE-2024-51190

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 4.8

    MEDIUM
    CVE-2024-51189

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 4.8

    MEDIUM
    CVE-2024-51188

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 4.8

    MEDIUM
    CVE-2024-51187

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 8.0

    HIGH
    CVE-2024-51186

    D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • Published: Nov. 11, 2024
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2024-48322

    UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-46965

    The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-36061

    EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-11078

    A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting.... Read more

    Affected Products : job_recruitment
    • Published: Nov. 11, 2024
    • Modified: Feb. 14, 2025

  • 6.9

    MEDIUM
    CVE-2024-10315

    In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-51135

    An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-50667

    The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads... Read more

    Affected Products : tew-820ap_firmware tew-820ap
    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-11077

    A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack r... Read more

    Affected Products : job_recruitment
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11076

    A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may ... Read more

    Affected Products : job_recruitment
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11074

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack ... Read more

    Affected Products : tailoring_management_system
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024
Showing 20 of 291812 Results