Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-48223

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist....

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-48222

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit....

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-48218

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list....

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024
  • 7.5

    HIGH
    CVE-2024-49767

    Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vu...

    Affected Products : werkzeug quart
    • Published: Oct. 25, 2024
    • Modified: Jan. 03, 2025
  • 6.3

    MEDIUM
    CVE-2024-49766

    Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potenti...

    Affected Products : werkzeug
    • Published: Oct. 25, 2024
    • Modified: Jan. 31, 2025
  • 6.5

    MEDIUM
    CVE-2024-48450

    An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group....

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-37847

    An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file....

    Affected Products : mango mangoapi
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024
  • 9.8

    CRITICAL
    CVE-2024-37846

    MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page....

    Affected Products : mango
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024
  • 7.2

    HIGH
    CVE-2024-37845

    MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature....

    Affected Products : mango
    • Published: Oct. 25, 2024
    • Modified: Nov. 04, 2024
  • 5.4

    MEDIUM
    CVE-2024-37844

    A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : mango
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024
  • 6.4

    MEDIUM
    CVE-2024-9585

    The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user sup...

    Affected Products : image_map_pro
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024
  • 5.4

    MEDIUM
    CVE-2024-9584

    The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers...

    Affected Products : image_map_pro
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024
  • 7.2

    HIGH
    CVE-2024-48700

    Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component....

    Affected Products : kliqqi_cms
    • Published: Oct. 25, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-48448

    An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page....

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024
  • 6.3

    MEDIUM
    CVE-2024-48343

    A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page....

    Affected Products : cdg
    • Published: Oct. 25, 2024
    • Modified: May. 28, 2025
  • 5.9

    MEDIUM
    CVE-2024-8036

    ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, becom...

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024
  • 6.5

    MEDIUM
    CVE-2024-48743

    Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter....

    Affected Products : sentry
    • Published: Oct. 25, 2024
    • Modified: May. 01, 2025
  • 8.8

    HIGH
    CVE-2024-48655

    An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file....

    Affected Products : total.js_cms total.js
    • Published: Oct. 25, 2024
    • Modified: May. 27, 2025
  • 6.1

    MEDIUM
    CVE-2024-48654

    Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component....

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024
  • 7.3

    HIGH
    CVE-2024-48459

    A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a m...

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 294319 Results