Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-30358

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2022-30357

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 8.8

    HIGH
    CVE-2022-30356

    OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48581

    File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.... Read more

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-48580

    SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request.... Read more

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-48579

    SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.... Read more

    • Published: Oct. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-48204

    SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 5.3

    MEDIUM
    CVE-2023-26248

    The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the conte... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 9.8

    CRITICAL
    CVE-2022-30355

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2022-30354

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2024-49757

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Regi... Read more

    Affected Products : zitadel
    • Published: Oct. 25, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2024-48428

    An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function.... Read more

    Affected Products : olivevle
    • Published: Oct. 25, 2024
    • Modified: Mar. 19, 2025

  • 9.1

    CRITICAL
    CVE-2024-49753

    Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests t... Read more

    Affected Products : zitadel
    • Published: Oct. 25, 2024
    • Modified: Aug. 26, 2025

  • 7.7

    HIGH
    CVE-2024-49381

    Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to informati... Read more

    Affected Products : plenti
    • Published: Oct. 25, 2024
    • Modified: Nov. 14, 2024

  • 8.9

    HIGH
    CVE-2024-49380

    Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote ... Read more

    Affected Products : plenti
    • Published: Oct. 25, 2024
    • Modified: May. 06, 2025

  • 7.0

    HIGH
    CVE-2024-9991

    This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the ... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 6.1

    MEDIUM
    CVE-2024-49378

    smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-49376

    Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privile... Read more

    Affected Products : autolab
    • Published: Oct. 25, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-10381

    This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request ... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 14, 2024

  • 7.5

    HIGH
    CVE-2024-10380

    A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_servic... Read more

    Affected Products : petrol_pump_management
    • Published: Oct. 25, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 294454 Results