Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-51992

    Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.1

    CRITICAL
    CVE-2024-51748

    Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by ... Read more

    Affected Products : kanboard
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.1

    CRITICAL
    CVE-2024-51747

    Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `... Read more

    Affected Products : kanboard
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.0

    CRITICAL
    CVE-2024-51490

    Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input o... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-51489

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF at... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-51488

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowi... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.1

    HIGH
    CVE-2024-51487

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF at... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.4

    HIGH
    CVE-2024-51486

    Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the i... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2024-51485

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF at... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.1

    HIGH
    CVE-2024-51484

    Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSR... Read more

    Affected Products : ampache
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 4.8

    MEDIUM
    CVE-2024-51190

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 4.8

    MEDIUM
    CVE-2024-51189

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 4.8

    MEDIUM
    CVE-2024-51188

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 4.8

    MEDIUM
    CVE-2024-51187

    TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.... Read more

    • Published: Nov. 11, 2024
    • Modified: Apr. 01, 2025

  • 8.0

    HIGH
    CVE-2024-51186

    D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • Published: Nov. 11, 2024
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2024-48322

    UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-46965

    The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-36061

    EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-11078

    A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting.... Read more

    Affected Products : job_recruitment
    • Published: Nov. 11, 2024
    • Modified: Feb. 14, 2025

  • 6.9

    MEDIUM
    CVE-2024-10315

    In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 293577 Results