Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-51116

    Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Nov. 05, 2024
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10084

    The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contribut... Read more

    • Published: Nov. 05, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-7995

    A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.... Read more

    Affected Products : vred vred_design
    • Published: Nov. 05, 2024
    • Modified: Aug. 18, 2025

  • 2.1

    LOW
    CVE-2024-51753

    The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. Thi... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.5

    MEDIUM
    CVE-2024-51752

    The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled.... Read more

    Affected Products : authkit
    • Published: Nov. 05, 2024
    • Modified: Sep. 10, 2025

  • 1.8

    LOW
    CVE-2024-51746

    Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to ... Read more

    Affected Products : gitsign
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-51740

    Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived fro... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 8.7

    HIGH
    CVE-2024-51735

    Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary modu... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 6.5

    MEDIUM
    CVE-2024-51493

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser se... Read more

    Affected Products : octoprint
    • Published: Nov. 05, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2024-51382

    Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compro... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51381

    Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and ... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51380

    Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin u... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51379

    Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of ma... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.0

    HIGH
    CVE-2024-51240

    An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-50335

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicio... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2024-50333

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data int... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-50332

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Use... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-49774

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax con... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-49773

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_post`... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-49772

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 293612 Results