Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-21193

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with netw... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 4.4

    MEDIUM
    CVE-2024-21192

    Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker w... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 7.6

    HIGH
    CVE-2024-21191

    Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged at... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-21190

    Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with n... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 9.0

    CRITICAL
    CVE-2024-21172

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated a... Read more

    Affected Products : hospitality_opera_5
    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 7.5

    HIGH
    CVE-2024-41344

    A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.... Read more

    Affected Products : codeigniter
    • Published: Oct. 15, 2024
    • Modified: Aug. 01, 2025

  • 8.8

    HIGH
    CVE-2024-35584

    SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform S... Read more

    Affected Products : opensis opensis
    • Published: Oct. 15, 2024
    • Modified: Jul. 17, 2025

  • 7.5

    HIGH
    CVE-2024-5749

    Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 8.7

    HIGH
    CVE-2024-48915

    Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegat... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-9676

    A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using a... Read more

    • Published: Oct. 15, 2024
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-9506

    Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-48914

    Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of a... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 5.9

    MEDIUM
    CVE-2024-48913

    Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request ... Read more

    Affected Products : hono
    • Published: Oct. 15, 2024
    • Modified: Sep. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-48624

    In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.... Read more

    Affected Products : domainmod
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 5.3

    MEDIUM
    CVE-2024-48623

    In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).... Read more

    Affected Products : domainmod
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 6.6

    MEDIUM
    CVE-2024-48622

    A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.... Read more

    Affected Products : domainmod
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 8.7

    HIGH
    CVE-2024-47876

    Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes t... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-47874

    Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allow... Read more

    Affected Products : starlette
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-47824

    matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room wh... Read more

    Affected Products : matrix-react-sdk
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2024-47779

    Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one v... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 12, 2024
Showing 20 of 294836 Results