Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-45932

    Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.

    Affected Products : krayin_crm
    • Published: Oct. 07, 2024
    • Modified: Oct. 11, 2024
  • 6.1

    MEDIUM
    CVE-2024-28710

    Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.

    Affected Products : limesurvey
    • Published: Oct. 07, 2024
    • Modified: Mar. 25, 2025
  • 6.1

    MEDIUM
    CVE-2024-28709

    Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.

    Affected Products : limesurvey
    • Published: Oct. 07, 2024
    • Modified: Mar. 25, 2025
  • 7.8

    HIGH
    CVE-2024-9576

    Vulnerability in Distro Linux Workbooth v2.5 that allows privilege escalation to the root user by manipulating the network configuration script.

    Affected Products : workbooth
    • Published: Oct. 07, 2024
    • Modified: Nov. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-9574

    SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 6.5

    MEDIUM
    CVE-2024-9573

    SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-9572

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an au...

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-9571

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to a...

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 9.0

    HIGH
    CVE-2024-9569

    A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer over...

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
  • 9.0

    HIGH
    CVE-2024-9568

    A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launc...

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
  • 6.6

    MEDIUM
    CVE-2024-45933

    OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024
  • 7.3

    HIGH
    CVE-2023-6362

    A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a l...

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024
  • 7.3

    HIGH
    CVE-2023-6361

    A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a l...

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024
  • 9.0

    HIGH
    CVE-2024-9567

    A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attac...

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
  • 9.0

    HIGH
    CVE-2024-9566

    A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can...

    Affected Products : dir-619l_firmware
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024
  • 5.5

    MEDIUM
    CVE-2024-46325

    TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in the /userRpm/popupSiteSurveyRpm.htm URL.

    Affected Products : wr740n_firmware wr740n
    • Published: Oct. 07, 2024
    • Modified: Jun. 02, 2025
  • 5.4

    MEDIUM
    CVE-2024-45153

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e...

    • Published: Oct. 07, 2024
    • Modified: Dec. 02, 2024
  • 7.8

    HIGH
    CVE-2024-43047

    Memory corruption while maintaining memory maps of HLOS memory.

    • Actively Exploited
    • Published: Oct. 07, 2024
    • Modified: Aug. 11, 2025
  • 6.7

    MEDIUM
    CVE-2024-42027

    The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294863 Results