Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-10917

    In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.... Read more

    Affected Products : openj9
    • Published: Nov. 11, 2024
    • Modified: Jan. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-45088

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : maximo_asset_management
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-43439

    A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-51054

    A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.... Read more

    • Published: Nov. 11, 2024
    • Modified: Mar. 27, 2025

  • 4.8

    MEDIUM
    CVE-2024-50991

    A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter... Read more

    Affected Products : user_management_system
    • Published: Nov. 11, 2024
    • Modified: Apr. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-50990

    A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.... Read more

    • Published: Nov. 11, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-50989

    A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.... Read more

    • Published: Nov. 11, 2024
    • Modified: Mar. 27, 2025

  • 8.4

    HIGH
    CVE-2024-47131

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.... Read more

    Affected Products : diascreen
    • Published: Nov. 11, 2024
    • Modified: Jan. 30, 2025

  • 8.4

    HIGH
    CVE-2024-39605

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.... Read more

    Affected Products : diascreen
    • Published: Nov. 11, 2024
    • Modified: Jan. 30, 2025

  • 8.4

    HIGH
    CVE-2024-39354

    If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.... Read more

    Affected Products : diascreen
    • Published: Nov. 11, 2024
    • Modified: Jan. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-11070

    A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name le... Read more

    Affected Products : publiccms
    • Published: Nov. 11, 2024
    • Modified: Nov. 23, 2024

  • 5.5

    MEDIUM
    CVE-2024-50263

    In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("for... Read more

    Affected Products : linux_kernel
    • Published: Nov. 11, 2024
    • Modified: Dec. 09, 2024

  • 3.3

    LOW
    CVE-2024-34015

    Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Feb. 27, 2025

  • 5.5

    MEDIUM
    CVE-2024-34014

    Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Feb. 27, 2025

  • 8.7

    HIGH
    CVE-2024-10345

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.... Read more

    Affected Products : helix_core
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-10344

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.... Read more

    Affected Products : helix_core
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-10314

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.... Read more

    Affected Products : helix_core
    • Published: Nov. 11, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-43437

    A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-43435

    A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43433

    A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025
Showing 20 of 294210 Results