Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10736

    A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The atta... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10735

    A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. T... Read more

    Affected Products : life_insurance_management_system
    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10734

    A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possi... Read more

    Affected Products : life_insurance_management_system
    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10733

    A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be ... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10732

    A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql inje... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10731

    A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/check_seal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the atta... Read more

    Affected Products : office_anywhere
    • Published: Nov. 03, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10730

    A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may be in... Read more

    Affected Products : office_anywhere
    • Published: Nov. 03, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10702

    A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attac... Read more

    • Published: Nov. 02, 2024
    • Modified: Apr. 21, 2025

  • 6.1

    MEDIUM
    CVE-2024-10701

    A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may ... Read more

    Affected Products : car_rental_portal
    • Published: Nov. 02, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10700

    A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/tod... Read more

    • Published: Nov. 02, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10699

    A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to i... Read more

    Affected Products : wazifa_system
    • Published: Nov. 02, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10698

    A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. Th... Read more

    Affected Products : ac6_firmware ac6
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10697

    A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to... Read more

    Affected Products : ac6_firmware ac6
    • Published: Nov. 02, 2024
    • Modified: Apr. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-9896

    The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. Thi... Read more

    Affected Products : bbp_core
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 8.1

    HIGH
    CVE-2024-51774

    qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.... Read more

    Affected Products : qbittorrent
    • Published: Nov. 02, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-9868

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.1... Read more

    Affected Products : element_pack
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-8739

    The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for un... Read more

    Affected Products : recaptcha_integration
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-10540

    The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficien... Read more

    Affected Products : bookingpress
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-10310

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and ... Read more

    Affected Products : element_pack
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 7.8

    HIGH
    CVE-2024-9191

    The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnera... Read more

    Affected Products : verify
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 293656 Results