Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-48623

    In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).... Read more

    Affected Products : domainmod
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 6.6

    MEDIUM
    CVE-2024-48622

    A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.... Read more

    Affected Products : domainmod
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 8.7

    HIGH
    CVE-2024-47876

    Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes t... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-47874

    Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allow... Read more

    Affected Products : starlette
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2024-47824

    matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room wh... Read more

    Affected Products : matrix-react-sdk
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2024-47779

    Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one v... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 12, 2024

  • 7.0

    HIGH
    CVE-2024-47771

    Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vect... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 8.7

    HIGH
    CVE-2024-47080

    matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was ... Read more

    Affected Products : javascript_sdk
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 6.6

    MEDIUM
    CVE-2023-31493

    RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.... Read more

    Affected Products : zoneminder
    • Published: Oct. 15, 2024
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2024-9979

    A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.... Read more

    Affected Products : pyo3
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 4.8

    MEDIUM
    CVE-2024-48948

    The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because ... Read more

    Affected Products : elliptic elliptic
    • Published: Oct. 15, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-9986

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 5.8

    MEDIUM
    CVE-2024-9977

    A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argu... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48283

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.... Read more

    • Published: Oct. 15, 2024
    • Modified: Apr. 04, 2025

  • 7.6

    HIGH
    CVE-2024-48282

    A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail pa... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 7.6

    HIGH
    CVE-2024-48280

    A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 7.6

    HIGH
    CVE-2024-48279

    A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP req... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 5.5

    MEDIUM
    CVE-2024-48278

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.... Read more

    • Published: Oct. 15, 2024
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-9976

    A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is pos... Read more

    Affected Products : pharmacy_management_system
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-9975

    A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launc... Read more

    Affected Products : drag_and_drop_image_upload
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294842 Results