Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-48255

    Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.... Read more

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-48253

    Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.... Read more

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 6.5

    MEDIUM
    CVE-2024-48120

    X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.... Read more

    Affected Products : x2crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-48119

    Vtiger CRM v8.2.0 has an HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.... Read more

    Affected Products : vtiger_crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 30, 2024
  • 8.6

    HIGH
    CVE-2024-9139

    The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.... Read more

    Affected Products : tn-4900_firmware
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 9.4

    CRITICAL
    CVE-2024-9137

    The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration fil... Read more

    • Published: Oct. 14, 2024
    • Modified: Jan. 17, 2025
  • 4.7

    MEDIUM
    CVE-2024-46911

    Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF prot... Read more

    Affected Products : roller
    • Published: Oct. 14, 2024
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2024-43701

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.... Read more

    Affected Products : ddk
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 7.5

    HIGH
    CVE-2024-38863

    Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.... Read more

    Affected Products : checkmk checkmk
    • Published: Oct. 14, 2024
    • Modified: Dec. 03, 2024
  • 4.4

    MEDIUM
    CVE-2024-38862

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrato... Read more

    Affected Products : checkmk checkmk
    • Published: Oct. 14, 2024
    • Modified: Dec. 03, 2024
  • 9.8

    CRITICAL
    CVE-2024-9924

    The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently.... Read more

    Affected Products : oaklouds_portal
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 4.9

    MEDIUM
    CVE-2024-9923

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.... Read more

    Affected Products : team\+_pro
    • Published: Oct. 14, 2024
    • Modified: Oct. 24, 2024
  • 5.3

    MEDIUM
    CVE-2024-49214

    QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.... Read more

    Affected Products : haproxy
    • Published: Oct. 14, 2024
    • Modified: Oct. 29, 2024
  • 7.5

    HIGH
    CVE-2024-9922

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.... Read more

    Affected Products : team\+_pro
    • Published: Oct. 14, 2024
    • Modified: Oct. 24, 2024
  • 9.8

    CRITICAL
    CVE-2024-9921

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.... Read more

    Affected Products : team\+_pro
    • Published: Oct. 14, 2024
    • Modified: Oct. 24, 2024
  • 9.8

    CRITICAL
    CVE-2024-7099

    netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete... Read more

    Affected Products : qanything qanything
    • Published: Oct. 13, 2024
    • Modified: Jul. 30, 2025
  • 7.2

    HIGH
    CVE-2024-9918

    A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be in... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024
  • 6.5

    MEDIUM
    CVE-2024-9917

    A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024
  • 8.5

    HIGH
    CVE-2024-8070

    CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary... Read more

    Affected Products :
    • Published: Oct. 13, 2024
    • Modified: Oct. 15, 2024
  • 9.8

    CRITICAL
    CVE-2024-9916

    A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. Th... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294842 Results