Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-50450

    Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.... Read more

    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 7.2

    HIGH
    CVE-2024-50442

    Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.... Read more

    Affected Products : royal_elementor_addons
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 8.8

    HIGH
    CVE-2024-50416

    Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6.... Read more

    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 8.8

    HIGH
    CVE-2024-50408

    Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object Injection.This issue affects Namaste! LMS: from n/a through 2.6.3.... Read more

    Affected Products : namaste\!_lms
    • Published: Oct. 28, 2024
    • Modified: Aug. 27, 2025

  • 8.0

    HIGH
    CVE-2024-48074

    An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is execut... Read more

    Affected Products : vigor2960_firmware vigor2960
    • Published: Oct. 28, 2024
    • Modified: May. 17, 2025

  • 7.2

    HIGH
    CVE-2024-10446

    A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injec... Read more

    Affected Products : online_time_table_generator
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024

  • 9.1

    CRITICAL
    CVE-2024-38821

    Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * I... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Jan. 24, 2025

  • 7.2

    HIGH
    CVE-2024-9162

    The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers,... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 5.5

    MEDIUM
    CVE-2024-50307

    Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. ... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 5.0

    MEDIUM
    CVE-2024-48936

    SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that ... Read more

    Affected Products : slurm
    • Published: Oct. 28, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-10440

    The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.... Read more

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-10439

    The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.... Read more

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-10438

    The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.... Read more

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 2.2

    LOW
    CVE-2024-23843

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 7.8

    HIGH
    CVE-2024-50067

    In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes ... Read more

    Affected Products : linux_kernel linux_kernel
    • Published: Oct. 28, 2024
    • Modified: Dec. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-10435

    A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated rem... Read more

    Affected Products : super-jacoco
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-10434

    A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buf... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024

  • 5.9

    MEDIUM
    CVE-2024-50624

    ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig ... Read more

    Affected Products : kmail
    • Published: Oct. 28, 2024
    • Modified: May. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-50623

    In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.... Read more

    Affected Products : lexicom harmony vltrader
    • Actively Exploited
    • Published: Oct. 28, 2024
    • Modified: Dec. 23, 2024

  • 6.1

    MEDIUM
    CVE-2024-10433

    A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site... Read more

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024
Showing 20 of 294313 Results