Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-48700

    Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.... Read more

    Affected Products : kliqqi_cms
    • Published: Oct. 25, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-48448

    An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page.... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024

  • 6.3

    MEDIUM
    CVE-2024-48343

    A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page.... Read more

    Affected Products : cdg
    • Published: Oct. 25, 2024
    • Modified: May. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-8036

    ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, becom... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-48743

    Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.... Read more

    Affected Products : sentry
    • Published: Oct. 25, 2024
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2024-48655

    An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.... Read more

    Affected Products : total.js_cms total.js
    • Published: Oct. 25, 2024
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-48654

    Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component.... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.3

    HIGH
    CVE-2024-48459

    A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a m... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 29, 2024

  • 8.7

    HIGH
    CVE-2024-10387

    CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.... Read more

    Affected Products : thinmanager
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10386

    CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.... Read more

    Affected Products : thinmanager
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 5.3

    MEDIUM
    CVE-2022-30361

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s),... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 6.4

    MEDIUM
    CVE-2022-30360

    OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 5.4

    MEDIUM
    CVE-2022-30359

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 8.8

    HIGH
    CVE-2022-30358

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2022-30357

    OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 8.8

    HIGH
    CVE-2022-30356

    OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-48581

    File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.... Read more

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-48580

    SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request.... Read more

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-48579

    SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.... Read more

    • Published: Oct. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-48204

    SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024
Showing 20 of 294527 Results