Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2024-47771

    Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vect... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 8.7

    HIGH
    CVE-2024-47080

    matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was ... Read more

    Affected Products : javascript_sdk
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 6.6

    MEDIUM
    CVE-2023-31493

    RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.... Read more

    Affected Products : zoneminder
    • Published: Oct. 15, 2024
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2024-9979

    A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.... Read more

    Affected Products : pyo3
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 4.8

    MEDIUM
    CVE-2024-48948

    The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because ... Read more

    Affected Products : elliptic elliptic
    • Published: Oct. 15, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-9986

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 5.8

    MEDIUM
    CVE-2024-9977

    A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argu... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48283

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.... Read more

    • Published: Oct. 15, 2024
    • Modified: Apr. 04, 2025

  • 7.6

    HIGH
    CVE-2024-48282

    A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail pa... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 7.6

    HIGH
    CVE-2024-48280

    A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 7.6

    HIGH
    CVE-2024-48279

    A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP req... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 5.5

    MEDIUM
    CVE-2024-48278

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-9976

    A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is pos... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-9975

    A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launc... Read more

    Affected Products : drag_and_drop_image_upload
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-49388

    Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.... Read more

    Affected Products : linux_kernel windows cyber_protect
    • Published: Oct. 15, 2024
    • Modified: Feb. 04, 2025

  • 7.5

    HIGH
    CVE-2024-49387

    Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.... Read more

    Affected Products : linux_kernel windows cyber_protect
    • Published: Oct. 15, 2024
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-49384

    Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.... Read more

    Affected Products : linux_kernel windows cyber_protect
    • Published: Oct. 15, 2024
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-49383

    Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.... Read more

    Affected Products : linux_kernel windows cyber_protect
    • Published: Oct. 15, 2024
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-49382

    Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.... Read more

    Affected Products : linux_kernel windows cyber_protect
    • Published: Oct. 15, 2024
    • Modified: Feb. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-47674

    In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associa... Read more

    Affected Products : linux_kernel
    • Published: Oct. 15, 2024
    • Modified: Nov. 17, 2024
Showing 20 of 294836 Results