Latest CVE Feed
-
5.3
MEDIUM CVE-2024-49771
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be con...
Affected Products :
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024
-
5.7
MEDIUM CVE-2024-47827
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with acce...
Affected Products : argo_workflows
- Published: Oct. 28, 2024
- Modified: Nov. 05, 2024
-
8.8
HIGH CVE-2024-42028
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Net...
Affected Products : unifi_network_application
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024
-
6.5
MEDIUM CVE-2024-10469
VINCE versions before 3.0.9 are vulnerable to exposure of User information to authenticated users.
Affected Products : vince
- Published: Oct. 28, 2024
- Modified: Mar. 17, 2025
-
7.5
HIGH CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is...
- Published: Oct. 28, 2024
- Modified: Mar. 21, 2025
-
6.3
MEDIUM CVE-2024-48291
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17...
- Published: Oct. 28, 2024
- Modified: May. 27, 2025
-
7.5
HIGH CVE-2024-45802
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to...
Affected Products : squid
- Published: Oct. 28, 2024
- Modified: Jan. 03, 2025
-
9.8
CRITICAL CVE-2024-10450
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handle...
Affected Products : advocate_office_management_system
- Published: Oct. 28, 2024
- Modified: Nov. 22, 2024
-
9.8
CRITICAL CVE-2024-10449
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initia...
Affected Products : hospital_appointment_system
- Published: Oct. 28, 2024
- Modified: Oct. 31, 2024
-
3.5
LOW CVE-2024-10214
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 incorrectly issue two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
- Published: Oct. 28, 2024
- Modified: Nov. 05, 2024
-
6.5
MEDIUM CVE-2024-50443
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS. This issue affects PostX: from n/a through 4.1.12.
Affected Products : postx
- Published: Oct. 28, 2024
- Modified: Aug. 27, 2025
-
6.3
MEDIUM CVE-2024-48191
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17...
- Published: Oct. 28, 2024
- Modified: May. 27, 2025
-
4.9
MEDIUM CVE-2024-34537
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed ve...
Affected Products : typo3
- Published: Oct. 28, 2024
- Modified: Sep. 03, 2025
-
7.5
HIGH CVE-2024-10455
Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block...
Affected Products : ud3tn
- Published: Oct. 28, 2024
- Modified: Aug. 07, 2025
-
6.9
MEDIUM CVE-2024-10448
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-...
- Published: Oct. 28, 2024
- Modified: Nov. 01, 2024
-
3.3
LOW CVE-2024-8013
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returne...
- Published: Oct. 28, 2024
- Modified: Oct. 31, 2024
-
5.4
MEDIUM CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...
Affected Products : youtrack
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024
-
5.4
MEDIUM CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...
Affected Products : youtrack
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024
-
5.4
MEDIUM CVE-2024-50580
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule...
Affected Products : youtrack
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024
-
6.1
MEDIUM CVE-2024-50579
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible...
Affected Products : youtrack
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024