Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-43435

    A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43433

    A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43432

    A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirec... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43430

    A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43429

    A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 3.7

    LOW
    CVE-2024-43427

    A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third part... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-11068

    The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s acco... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 24, 2024

  • 7.5

    HIGH
    CVE-2024-11067

    The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, at... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 24, 2024

  • 7.2

    HIGH
    CVE-2024-11066

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 24, 2024

  • 7.2

    HIGH
    CVE-2024-11065

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11064

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11063

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11062

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-11021

    Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their b... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-11020

    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-52355

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS.This issue affects OSM – OpenStreetMap: from n/a through 6.1.2.... Read more

    Affected Products : openstreetmap
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52354

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through 1.1.... Read more

    Affected Products : web_stories_widgets_for_elementor
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52353

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a... Read more

    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52352

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0.... Read more

    Affected Products : postcasa_shortcode
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52351

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boston University (IS&T) BU Slideshow allows Stored XSS.This issue affects BU Slideshow: from n/a through 2.3.10.... Read more

    Affected Products : bu_slideshow
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024
Showing 20 of 293592 Results