Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-10434

    A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buf...

    Affected Products : ac1206_firmware ac1206
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024
  • 5.9

    MEDIUM
    CVE-2024-50624

    ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig ...

    Affected Products : kmail
    • Published: Oct. 28, 2024
    • Modified: May. 31, 2025
  • 9.8

    CRITICAL
    CVE-2024-50623

    In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution....

    Affected Products : lexicom harmony vltrader
    • Actively Exploited
    • Published: Oct. 28, 2024
    • Modified: Dec. 23, 2024
  • 6.1

    MEDIUM
    CVE-2024-10433

    A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site...

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10432

    A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql in...

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10431

    A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to SQL injection. It is possible to launch the ...

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10430

    A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to SQL injection. The attack...

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-50616

    Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information....

    Affected Products :
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
  • 6.5

    MEDIUM
    CVE-2024-50615

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef....

    Affected Products : tinyxml2
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025
  • 6.5

    MEDIUM
    CVE-2024-50614

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef....

    Affected Products : tinyxml2
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025
  • 6.5

    MEDIUM
    CVE-2024-50613

    libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close....

    Affected Products : libsndfile
    • Published: Oct. 27, 2024
    • Modified: Oct. 31, 2024
  • 5.5

    MEDIUM
    CVE-2024-50612

    libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read....

    Affected Products : libsndfile
    • Published: Oct. 27, 2024
    • Modified: Nov. 05, 2024
  • 7.2

    HIGH
    CVE-2024-50611

    CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has bee...

    Affected Products :
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
  • 3.6

    LOW
    CVE-2024-50610

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs....

    Affected Products : gnu_scientific_library
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025
  • 8.6

    HIGH
    CVE-2024-10429

    A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr lea...

    • Published: Oct. 27, 2024
    • Modified: Nov. 13, 2024
  • 8.6

    HIGH
    CVE-2024-10428

    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. ...

    • Published: Oct. 27, 2024
    • Modified: Nov. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-10427

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to SQL injection. The attack can be in...

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10426

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /animalsadd.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the ...

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-10425

    A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selectio...

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-10424

    A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Projec...

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 294357 Results