Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-7877

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scri... Read more

    Affected Products : simply_schedule_appointments
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 4.8

    MEDIUM
    CVE-2024-7876

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site ... Read more

    Affected Products : simply_schedule_appointments
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 4.8

    MEDIUM
    CVE-2024-5578

    The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : table_of_contents_plus
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-10810

    A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to ... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-10809

    A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may b... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-10808

    A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be in... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.1

    MEDIUM
    CVE-2024-10807

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripti... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 6.4

    MEDIUM
    CVE-2024-10340

    The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 5.1

    MEDIUM
    CVE-2024-10806

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cro... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 6.0

    MEDIUM
    CVE-2024-51498

    cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been prese... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 5.1

    MEDIUM
    CVE-2024-50346

    WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds and attract the victim user to visit it u... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 5.8

    MEDIUM
    CVE-2024-32870

    Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. U... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-31998

    Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerabilit... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-31448

    Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2023-34445

    Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There a... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2023-34444

    Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. The... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2023-34443

    Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgr... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.7

    HIGH
    CVE-2024-51734

    Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been f... Read more

    Affected Products : zope
    • Published: Nov. 04, 2024
    • Modified: Jan. 22, 2025

  • 5.1

    MEDIUM
    CVE-2024-51502

    loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder ar... Read more

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-51501

    Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the `Htt... Read more

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 293623 Results