Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2024-47848

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from ... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 5.3

    MEDIUM
    CVE-2024-47913

    An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view t... Read more

    Affected Products : mediawiki abusefilter
    • Published: Oct. 04, 2024
    • Modified: Jun. 17, 2025

  • 7.2

    HIGH
    CVE-2024-47911

    In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.... Read more

    Affected Products : sonarqube
    • Published: Oct. 04, 2024
    • Modified: Sep. 04, 2025

  • 7.2

    HIGH
    CVE-2024-47910

    An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.... Read more

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Oct. 07, 2024

  • 8.8

    HIGH
    CVE-2024-37869

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable... Read more

    Affected Products : online_discussion_forum
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-37868

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.... Read more

    Affected Products : online_discussion_forum
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-9054

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-7801

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more

    • Published: Oct. 04, 2024
    • Modified: Oct. 17, 2024

  • 6.9

    MEDIUM
    CVE-2024-47764

    cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alte... Read more

    Affected Products : cookie
    • Published: Oct. 04, 2024
    • Modified: Oct. 07, 2024

  • 7.7

    HIGH
    CVE-2024-43687

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more

    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024

  • 6.1

    MEDIUM
    CVE-2024-43686

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more

    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-43685

    Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 8.8

    HIGH
    CVE-2024-43684

    Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 8.7

    HIGH
    CVE-2024-43683

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.... Read more

    • Published: Oct. 04, 2024
    • Modified: Nov. 01, 2024

  • 7.5

    HIGH
    CVE-2024-46078

    itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.... Read more

    • Published: Oct. 04, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-46077

    itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php.... Read more

    • Published: Oct. 04, 2024
    • Modified: Apr. 28, 2025

  • 6.5

    MEDIUM
    CVE-2023-26771

    Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious pict... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-26770

    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-8149

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s brow... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Jan. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-8148

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025
Showing 20 of 294860 Results