Latest CVE Feed
- 10.0 CRITICAL CVE-2024-50525
  Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server. This issue affects Plug your WooCommerce into...
  - Affected Products: helloprint
  - Published: Nov. 04, 2024
  - Modified: Nov. 06, 2024
- 10.0 CRITICAL CVE-2024-50523
  Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server. This issue affects All Post Contact Form: from n/a through 1.7.3....
  - Affected Products: all_post_contact_form
  - Published: Nov. 04, 2024
  - Modified: Nov. 06, 2024
- 7.1 HIGH CVE-2024-45164
  Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality ...
  - Affected Products: secure_internet_access_enterprise_threatavert
  - Published: Nov. 04, 2024
  - Modified: Nov. 06, 2024
- 6.9 MEDIUM CVE-2024-9147
  Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1....
  - Affected Products: pospratik
  - Published: Nov. 04, 2024
  - Modified: Nov. 06, 2024
- 9.3 CRITICAL CVE-2024-51561
  This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the se...
  - Published: Nov. 04, 2024
  - Modified: Nov. 06, 2024
- 7.1 HIGH CVE-2024-51560
  This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API reques...
  - Published: Nov. 04, 2024
  - Modified: Nov. 08, 2024
- 7.1 HIGH CVE-2024-51559
  This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicio...
  - Published: Nov. 04, 2024
  - Modified: Nov. 22, 2024
- 9.8 CRITICAL CVE-2024-51558
  This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, M...
  - Published: Nov. 04, 2024
  - Modified: Nov. 08, 2024
- 7.1 HIGH CVE-2024-51557
  This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead t...
  - Published: Nov. 04, 2024
  - Modified: Nov. 08, 2024
- 7.1 HIGH CVE-2024-51556
  This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload...
  - Published: Nov. 04, 2024
  - Modified: Nov. 22, 2024
- 8.8 HIGH CVE-2024-36485
  Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option....
  - Affected Products: manageengine_adaudit_plus
  - Published: Nov. 04, 2024
  - Modified: Nov. 07, 2024
- 4.6 MEDIUM CVE-2024-10523
  This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-...
  - Published: Nov. 04, 2024
  - Modified: Nov. 08, 2024
- 9.8 CRITICAL CVE-2024-10035
  Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that t...
  - Affected Products: coslat
  - Published: Nov. 04, 2024
  - Modified: Nov. 08, 2024
- 9.1 CRITICAL CVE-2024-51661
  Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection. This issue affects Media Library Assistant: from n/a through 3.19....
  - Affected Products: media_library_assistant
  - Published: Nov. 04, 2024
  - Modified: Nov. 08, 2024
- 8.8 HIGH CVE-2024-48878
  Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report....
  - Affected Products: manageengine_admanager_plus
  - Published: Nov. 04, 2024
  - Modified: Nov. 05, 2024
- 7.5 HIGH CVE-2024-10389
  There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7c...
  - Affected Products: safearchive
  - Published: Nov. 04, 2024
  - Modified: Jul. 23, 2025
- 7.8 HIGH CVE-2024-38424
  Memory corruption during GNSS HAL process initialization....
  - Affected Products: qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9341_firmware +230 more products
  - Published: Nov. 04, 2024
  - Modified: Nov. 07, 2024
- 7.8 HIGH CVE-2024-38423
  Memory corruption while processing GPU page table switch....
  - Affected Products: aqt1000_firmware qam8295p_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +406 more products
  - Published: Nov. 04, 2024
  - Modified: Nov. 07, 2024
- 7.8 HIGH CVE-2024-38422
  Memory corruption while processing voice packet with arbitrary data received from ADSP....
  - Affected Products: aqt1000_firmware qam8295p_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +531 more products
  - Published: Nov. 04, 2024
  - Modified: Nov. 07, 2024
- 7.8 HIGH CVE-2024-38421
  Memory corruption while processing GPU commands....
  - Affected Products: qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sa8295p_firmware sw5100_firmware +147 more products
  - Published: Nov. 04, 2024
  - Modified: Nov. 07, 2024