Latest CVE Feed
-
8.1
HIGH CVE-2024-46966
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
8.1
HIGH CVE-2024-46964
The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
8.1
HIGH CVE-2024-46963
The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
9.1
CRITICAL CVE-2024-46962
The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICAL CVE-2024-44546
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.
Affected Products: powerjob
- Published: Nov. 11, 2024
- Modified: Jun. 27, 2025
-
7.5
HIGH CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients.
Affected Products: libsoup
- Published: Nov. 11, 2024
- Modified: Sep. 05, 2025
-
8.4
HIGH CVE-2024-52531
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application ma...
Affected Products: libsoup
- Published: Nov. 11, 2024
- Modified: Sep. 04, 2025
-
7.5
HIGH CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Affected Products: libsoup
- Published: Nov. 11, 2024
- Modified: Sep. 04, 2025
-
5.1
MEDIUM CVE-2024-52288
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active str...
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
2.0
LOW CVE-2024-52286
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing an...
Affected Products: stirling_pdf
- Published: Nov. 11, 2024
- Modified: Jan. 09, 2025
-
4.1
MEDIUM CVE-2024-51992
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform...
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
9.1
CRITICAL CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by ...
Affected Products: kanboard
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
9.1
CRITICAL CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `...
Affected Products: kanboard
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
9.0
CRITICAL CVE-2024-51490
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input o...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 14, 2024
-
5.4
MEDIUM CVE-2024-51489
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF at...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 14, 2024
-
5.4
MEDIUM CVE-2024-51488
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowi...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 14, 2024
-
8.1
HIGH CVE-2024-51487
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF at...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 14, 2024
-
8.4
HIGH CVE-2024-51486
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the i...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2024-51485
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF at...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 14, 2024
-
8.1
HIGH CVE-2024-51484
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSR...
Affected Products: ampache
- Published: Nov. 11, 2024
- Modified: Nov. 14, 2024