Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2024-48057 (CVSS 6.1, MEDIUM)
    localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage....
    Affected Products: localai
    Published: Nov. 04, 2024 | Modified: Sep. 04, 2025

  • CVE-2024-48052 (CVSS 6.5, MEDIUM)
    In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources...
    Affected Products: gradio
    Published: Nov. 04, 2024 | Modified: Jun. 13, 2025

  • CVE-2024-48050 (CVSS 9.8, CRITICAL)
    In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands....
    Affected Products: agentscope
    Published: Nov. 04, 2024 | Modified: Sep. 04, 2025

  • CVE-2024-10805 (CVSS 8.8, HIGH)
    A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initi...
    Published: Nov. 04, 2024 | Modified: Nov. 07, 2024

  • CVE-2024-51744 (CVSS 3.1, LOW)
    golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired ...
    Published: Nov. 04, 2024 | Modified: Nov. 05, 2024

  • CVE-2024-48463 (CVSS 6.5, MEDIUM)
    Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer....
    Published: Nov. 04, 2024 | Modified: Jan. 16, 2025

  • CVE-2024-45185 (CVSS 5.1, MEDIUM)
    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap ov...
    Published: Nov. 04, 2024 | Modified: Jul. 01, 2025

  • CVE-2024-45086 (CVSS 5.5, MEDIUM)
    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources....
    Affected Products: websphere_application_server
    Published: Nov. 04, 2024 | Modified: Nov. 06, 2024

  • CVE-2024-10791 (CVSS 9.8, CRITICAL)
    A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The atta...
    Affected Products: hospital_appointment_system
    Published: Nov. 04, 2024 | Modified: Nov. 06, 2024

  • CVE-2024-34891 (CVSS 6.8, MEDIUM)
    Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request....
    Affected Products: bitrix24 bitrix24
    Published: Nov. 04, 2024 | Modified: Sep. 04, 2025

  • CVE-2024-34885 (CVSS 6.8, MEDIUM)
    Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP account passwords via HTTP GET request....
    Affected Products: bitrix24 bitrix24
    Published: Nov. 04, 2024 | Modified: Sep. 04, 2025

  • CVE-2024-30619 (CVSS 7.5, HIGH)
    Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax...
    Affected Products: chamilo_lms
    Published: Nov. 04, 2024 | Modified: Apr. 18, 2025

  • CVE-2024-30618 (CVSS 6.1, MEDIUM)
    A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'....
    Affected Products: chamilo_lms
    Published: Nov. 04, 2024 | Modified: Apr. 18, 2025

  • CVE-2024-30617 (CVSS 5.4, MEDIUM)
    A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge....
    Affected Products: chamilo_lms
    Published: Nov. 04, 2024 | Modified: Apr. 18, 2025

  • CVE-2024-30616 (CVSS 8.8, HIGH)
    Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity....
    Affected Products: chamilo_lms
    Published: Nov. 04, 2024 | Modified: Apr. 18, 2025

  • CVE-2024-10768 (CVSS 5.4, MEDIUM)
    A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argumen...
    Published: Nov. 04, 2024 | Modified: Nov. 06, 2024

  • CVE-2024-51329 (CVSS 8.8, HIGH)
    A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link....
    Affected Products: agile-board
    Published: Nov. 04, 2024 | Modified: Nov. 06, 2024

  • CVE-2024-51328 (CVSS 6.1, MEDIUM)
    Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows a remote attacker to inject arbitrary code via the t2 parameter....
    Published: Nov. 04, 2024 | Modified: May. 07, 2025

  • CVE-2024-51327 (CVSS 9.8, CRITICAL)
    SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields....
    Affected Products: travel_management_system
    Published: Nov. 04, 2024 | Modified: Nov. 06, 2024

  • CVE-2024-51326 (CVSS 7.5, HIGH)
    SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php....
    Affected Products: travel_management_system
    Published: Nov. 04, 2024 | Modified: Nov. 06, 2024

Showing 20 of 293620 Results