Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2024-50441

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through 2.0.15.... Read more

    Affected Products : cozy_blocks
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-50440

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2.... Read more

    Affected Products : codepen
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-50439

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14.... Read more

    Affected Products : astra_widgets
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024

  • 7.1

    HIGH
    CVE-2024-50438

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS.This issue affects Church Admin: from n/a before 5.0.0.... Read more

    Affected Products : church_admin
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024

  • 7.4

    HIGH
    CVE-2024-6245

    Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue aff... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Nov. 07, 2024

  • 5.3

    MEDIUM
    CVE-2024-49771

    MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be con... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.7

    MEDIUM
    CVE-2024-47827

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with acce... Read more

    Affected Products : argo_workflows
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-42028

    A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Net... Read more

    Affected Products : unifi_network_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 6.5

    MEDIUM
    CVE-2024-10469

    VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users.... Read more

    Affected Products : vince
    • Published: Oct. 28, 2024
    • Modified: Mar. 17, 2025

  • 7.5

    HIGH
    CVE-2024-49761

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is... Read more

    Affected Products : ruby ontap_tools rexml
    • Published: Oct. 28, 2024
    • Modified: Mar. 21, 2025

  • 6.3

    MEDIUM
    CVE-2024-48291

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Oct. 28, 2024
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2024-45802

    Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to... Read more

    Affected Products : squid
    • Published: Oct. 28, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-10450

    A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handle... Read more

    Affected Products : advocate_office_management_system
    • Published: Oct. 28, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-10449

    A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initia... Read more

    Affected Products : hospital_appointment_system
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 3.5

    LOW
    CVE-2024-10214

    Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024

  • 6.5

    MEDIUM
    CVE-2024-50443

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.12.... Read more

    Affected Products : postx
    • Published: Oct. 28, 2024
    • Modified: Aug. 27, 2025

  • 6.3

    MEDIUM
    CVE-2024-48191

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Oct. 28, 2024
    • Modified: May. 27, 2025

  • 4.9

    MEDIUM
    CVE-2024-34537

    TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed ve... Read more

    Affected Products : typo3
    • Published: Oct. 28, 2024
    • Modified: Sep. 03, 2025

  • 7.5

    HIGH
    CVE-2024-10455

    Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block... Read more

    Affected Products : ud3tn
    • Published: Oct. 28, 2024
    • Modified: Aug. 07, 2025

  • 6.9

    MEDIUM
    CVE-2024-10448

    A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-... Read more

    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 294344 Results