Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11074

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack ... Read more

    Affected Products : tailoring_management_system
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 4.8

    MEDIUM
    CVE-2024-45087

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 8.1

    HIGH
    CVE-2024-11073

    A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is ... Read more

    Affected Products : hospital_management_system
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-10917

    In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.... Read more

    Affected Products : openj9
    • Published: Nov. 11, 2024
    • Modified: Jan. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-45088

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : maximo_asset_management
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-43439

    A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-51054

    A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.... Read more

    • Published: Nov. 11, 2024
    • Modified: Mar. 27, 2025

  • 4.8

    MEDIUM
    CVE-2024-50991

    A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter... Read more

    Affected Products : user_management_system
    • Published: Nov. 11, 2024
    • Modified: Apr. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-50990

    A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.... Read more

    • Published: Nov. 11, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-50989

    A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.... Read more

    • Published: Nov. 11, 2024
    • Modified: Mar. 27, 2025

  • 8.4

    HIGH
    CVE-2024-47131

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.... Read more

    Affected Products : diascreen
    • Published: Nov. 11, 2024
    • Modified: Jan. 30, 2025

  • 8.4

    HIGH
    CVE-2024-39605

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.... Read more

    Affected Products : diascreen
    • Published: Nov. 11, 2024
    • Modified: Jan. 30, 2025

  • 8.4

    HIGH
    CVE-2024-39354

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.... Read more

    Affected Products : diascreen
    • Published: Nov. 11, 2024
    • Modified: Jan. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-11070

    A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name le... Read more

    Affected Products : publiccms
    • Published: Nov. 11, 2024
    • Modified: Nov. 23, 2024

  • 5.5

    MEDIUM
    CVE-2024-50263

    In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("for... Read more

    Affected Products : linux_kernel
    • Published: Nov. 11, 2024
    • Modified: Dec. 09, 2024

  • 3.3

    LOW
    CVE-2024-34015

    Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Feb. 27, 2025

  • 5.5

    MEDIUM
    CVE-2024-34014

    Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Feb. 27, 2025

  • 8.7

    HIGH
    CVE-2024-10345

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.... Read more

    Affected Products : helix_core
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-10344

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.... Read more

    Affected Products : helix_core
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-10314

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.... Read more

    Affected Products : helix_core
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293553 Results