Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-10446

    A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injec... Read more

    Affected Products : online_time_table_generator
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024

  • 9.1

    CRITICAL
    CVE-2024-38821

    Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * I... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Jan. 24, 2025

  • 7.2

    HIGH
    CVE-2024-9162

    The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers,... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 5.5

    MEDIUM
    CVE-2024-50307

    Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. ... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 5.0

    MEDIUM
    CVE-2024-48936

    SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that ... Read more

    Affected Products : slurm
    • Published: Oct. 28, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-10440

    The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.... Read more

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-10439

    The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.... Read more

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-10438

    The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.... Read more

    Affected Products : ehdr_ctms ehrd_ctms
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 2.2

    LOW
    CVE-2024-23843

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 7.8

    HIGH
    CVE-2024-50067

    In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes ... Read more

    Affected Products : linux_kernel linux_kernel
    • Published: Oct. 28, 2024
    • Modified: Dec. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-10435

    A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated rem... Read more

    Affected Products : super-jacoco
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-10434

    A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buf... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024

  • 5.9

    MEDIUM
    CVE-2024-50624

    ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig ... Read more

    Affected Products : kmail
    • Published: Oct. 28, 2024
    • Modified: May. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-50623

    In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.... Read more

    Affected Products : lexicom harmony vltrader
    • Actively Exploited
    • Published: Oct. 28, 2024
    • Modified: Dec. 23, 2024

  • 6.1

    MEDIUM
    CVE-2024-10433

    A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site... Read more

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10432

    A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql in... Read more

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10431

    A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the ... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10430

    A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2024-50616

    Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information.... Read more

    Affected Products :
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-50615

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.... Read more

    Affected Products : tinyxml2
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025
Showing 20 of 294528 Results