Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-51055

    An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.... Read more

    Affected Products : hoosk
    • Published: Nov. 08, 2024
    • Modified: Apr. 18, 2025

  • 9.1

    CRITICAL
    CVE-2024-50811

    hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls().... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50810

    hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView() does not securely filter user input and renders it directly to the frontend page through templates.... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-44765

    An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrativ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 7.0

    HIGH
    CVE-2024-9841

    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-51152

    File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component.... Read more

    Affected Products : laravel_cms
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-51032

    A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field.... Read more

    Affected Products : toll_tax_management_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-51031

    A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields.... Read more

    Affected Products : cab_management_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-51030

    A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sens... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2024-40240

    An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : homeserve
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 6.8

    MEDIUM
    CVE-2024-40239

    An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : life
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-50634

    A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authenticat... Read more

    Affected Products : watcharr
    • Published: Nov. 08, 2024
    • Modified: Nov. 14, 2024

  • 9.1

    CRITICAL
    CVE-2024-45763

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnera... Read more

    Affected Products : enterprise_sonic_distribution
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-25431

    An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.... Read more

    Affected Products : webassembly_micro_runtime
    • Published: Nov. 08, 2024
    • Modified: Nov. 14, 2024

  • 9.3

    CRITICAL
    CVE-2024-50966

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Nov. 08, 2024
    • Modified: May. 28, 2025

  • 2.7

    LOW
    CVE-2024-47190

    Northern.tech Hosted Mender before 2024.07.11 allows SSRF.... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 5.3

    MEDIUM
    CVE-2024-46948

    Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.... Read more

    Affected Products : mender
    • Published: Nov. 08, 2024
    • Modified: Feb. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-46947

    Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.... Read more

    Affected Products : mender
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-45765

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnera... Read more

    Affected Products : enterprise_sonic_distribution
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-45764

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Thi... Read more

    Affected Products : enterprise_sonic_distribution
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 293603 Results