Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-48237

    WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.... Read more

    Affected Products : wtcms
    • Published: Oct. 25, 2024
    • Modified: Apr. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-48236

    An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file... Read more

    Affected Products : ofcms
    • Published: Oct. 25, 2024
    • Modified: Apr. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-48235

    An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.... Read more

    Affected Products : ofcms
    • Published: Oct. 25, 2024
    • Modified: Apr. 18, 2025

  • 4.9

    MEDIUM
    CVE-2024-48234

    An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-48228

    An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-48396

    AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading ... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 4.8

    MEDIUM
    CVE-2024-48233

    mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter.... Read more

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025

  • 4.9

    MEDIUM
    CVE-2024-48232

    An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request fo... Read more

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-48230

    funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48229

    funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-48227

    Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48226

    Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.1

    CRITICAL
    CVE-2024-48225

    Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-48224

    Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48223

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48222

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48218

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.... Read more

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-49767

    Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vu... Read more

    Affected Products : werkzeug quart
    • Published: Oct. 25, 2024
    • Modified: Jan. 03, 2025

  • 6.3

    MEDIUM
    CVE-2024-49766

    Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potenti... Read more

    Affected Products : werkzeug
    • Published: Oct. 25, 2024
    • Modified: Jan. 31, 2025

  • 6.5

    MEDIUM
    CVE-2024-48450

    An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 294313 Results