Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-47883

    The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening... Read more

    Affected Products : butterfly
    • Published: Oct. 24, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-47882

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page... Read more

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-47881

    OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to l... Read more

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.1

    HIGH
    CVE-2024-47880

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attac... Read more

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2024-47879

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expres... Read more

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Dec. 04, 2024

  • 8.1

    HIGH
    CVE-2024-47878

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag in the output, so without escaping. An attacker could le... Read more

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2024-45263

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information lea... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-45262

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execut... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.0

    HIGH
    CVE-2024-45261

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.0

    HIGH
    CVE-2024-45260

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 8.1

    HIGH
    CVE-2024-10327

    A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user lo... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-45259

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 7.8

    HIGH
    CVE-2024-45242

    EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin pa... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 7.2

    HIGH
    CVE-2024-48454

    An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component... Read more

    • Published: Oct. 24, 2024
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2024-48427

    A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id... Read more

    • Published: Oct. 24, 2024
    • Modified: Oct. 31, 2024

  • 9.1

    CRITICAL
    CVE-2024-48145

    A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-48144

    A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 9.1

    CRITICAL
    CVE-2024-48143

    A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48142

    A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48141

    A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024
Showing 20 of 294701 Results