Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-27529

    wasm3 139076a contains memory leaks in Read_utf8.... Read more

    Affected Products : wasm3
    • Published: Nov. 08, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-27528

    wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution.... Read more

    Affected Products : wasm3
    • Published: Nov. 08, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2024-27527

    wasm3 139076a is vulnerable to Denial of Service (DoS).... Read more

    Affected Products : wasm3
    • Published: Nov. 08, 2024
    • Modified: Jun. 24, 2025

  • 7.4

    HIGH
    CVE-2024-11026

    A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The ma... Read more

    Affected Products : android freenow
    • Published: Nov. 08, 2024
    • Modified: Nov. 23, 2024

  • 4.7

    MEDIUM
    CVE-2024-51157

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.... Read more

    Affected Products : 07flycms
    • Published: Nov. 08, 2024
    • Modified: Apr. 18, 2025

  • 8.8

    HIGH
    CVE-2024-50809

    The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-50808

    SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.... Read more

    Affected Products : seacms
    • Published: Nov. 08, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-21994

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash.... Read more

    Affected Products : storagegrid
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 8.1

    HIGH
    CVE-2024-51997

    Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander l... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-51211

    SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject... Read more

    Affected Products : opensis
    • Published: Nov. 08, 2024
    • Modified: Jul. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-51055

    An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.... Read more

    Affected Products : hoosk
    • Published: Nov. 08, 2024
    • Modified: Apr. 18, 2025

  • 9.1

    CRITICAL
    CVE-2024-50811

    hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls().... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50810

    hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView() does not securely filter user input and renders it directly to the frontend page through templates.... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-44765

    An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrativ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 7.0

    HIGH
    CVE-2024-9841

    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-51152

    File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component.... Read more

    Affected Products : laravel_cms
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-51032

    A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field.... Read more

    Affected Products : toll_tax_management_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-51031

    A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields.... Read more

    Affected Products : cab_management_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-51030

    A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sens... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2024-40240

    An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : homeserve
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 293613 Results