Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-10601

    A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repea...

    • Published: Oct. 31, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10600

    A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the a...

    • Published: Oct. 31, 2024
    • Modified: Nov. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-6480

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input saniti...

    • Published: Oct. 31, 2024
    • Modified: Jul. 11, 2025
  • 6.5

    MEDIUM
    CVE-2024-6479

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user suppl...

    • Published: Oct. 31, 2024
    • Modified: Jul. 11, 2025
  • 7.5

    HIGH
    CVE-2024-10599

    A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be ...

    • Published: Oct. 31, 2024
    • Modified: Nov. 04, 2024
  • 6.9

    MEDIUM
    CVE-2024-10598

    A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to impro...

    Affected Products : office_anywhere
    • Published: Oct. 31, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10597

    A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possibl...

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 06, 2024
  • 8.8

    HIGH
    CVE-2024-10596

    A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sq...

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 05, 2024
  • 9.8

    CRITICAL
    CVE-2024-10595

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injectio...

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024
  • 8.8

    HIGH
    CVE-2024-10594

    A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection...

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 05, 2024
  • 7.5

    HIGH
    CVE-2024-48360

    Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php....

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-48359

    Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter....

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025
  • 7.5

    HIGH
    CVE-2024-39722

    An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route....

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2024-39721

    An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinit...

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 8.2

    HIGH
    CVE-2024-39720

    An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement poin...

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2024-39719

    An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, provid...

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2024-51066

    An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers....

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 31, 2024
    • Modified: Apr. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-51065

    Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the username parameter....

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 31, 2024
    • Modified: Mar. 31, 2025
  • 9.8

    CRITICAL
    CVE-2024-51064

    Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php....

    Affected Products : teachers_record_management_system
    • Published: Oct. 31, 2024
    • Modified: Mar. 31, 2025
  • 9.1

    CRITICAL
    CVE-2024-51063

    Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter....

    Affected Products : teachers_record_management_system
    • Published: Oct. 31, 2024
    • Modified: Mar. 31, 2025
Showing 20 of 293640 Results