Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-46076

    RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code....

    Affected Products : ruoyi
    • Published: Oct. 07, 2024
    • Modified: May. 15, 2025
  • 5.7

    MEDIUM
    CVE-2024-44674

    D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src....

    Affected Products : covr-2600r_firmware covr-2600r
    • Published: Oct. 07, 2024
    • Modified: May. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-42831

    A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialo...

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2024-46300

    itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php....

    Affected Products : placement_management_system
    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024
  • 8.8

    HIGH
    CVE-2024-27458

    A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to u...

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024
  • 9.0

    HIGH
    CVE-2024-9570

    A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The att...

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
  • 9.8

    CRITICAL
    CVE-2024-46446

    Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover....

    Affected Products : mecha
    • Published: Oct. 07, 2024
    • Modified: Oct. 11, 2024
  • 8.4

    HIGH
    CVE-2024-46278

    Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console....

    Affected Products : teedy
    • Published: Oct. 07, 2024
    • Modified: Jun. 04, 2025
  • 8.8

    HIGH
    CVE-2024-46041

    IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay....

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024
  • 6.5

    MEDIUM
    CVE-2024-46040

    IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and fo...

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 04, 2024
  • 7.1

    HIGH
    CVE-2024-45932

    Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2....

    Affected Products : krayin_crm
    • Published: Oct. 07, 2024
    • Modified: Oct. 11, 2024
  • 6.1

    MEDIUM
    CVE-2024-28710

    Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component....

    Affected Products : limesurvey
    • Published: Oct. 07, 2024
    • Modified: Mar. 25, 2025
  • 6.1

    MEDIUM
    CVE-2024-28709

    Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields....

    Affected Products : limesurvey
    • Published: Oct. 07, 2024
    • Modified: Mar. 25, 2025
  • 7.8

    HIGH
    CVE-2024-9576

    Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script....

    Affected Products : workbooth
    • Published: Oct. 07, 2024
    • Modified: Nov. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-9574

    SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB....

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-9573

    SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server....

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-9572

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an au...

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-9571

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to a...

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 9.0

    HIGH
    CVE-2024-9569

    A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer over...

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
  • 9.0

    HIGH
    CVE-2024-9568

    A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launc...

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
Showing 20 of 294853 Results