Latest CVE Feed
-
5.4 MEDIUM
CVE-2024-41516
A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.
Affected Products: cadclick
- Published: Oct. 04, 2024
- Modified: Jun. 02, 2025
-
5.4 MEDIUM
CVE-2024-41515
A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.
Affected Products: cadclick
- Published: Oct. 04, 2024
- Modified: Jun. 02, 2025
-
5.4 MEDIUM
CVE-2024-41514
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.
Affected Products: cadclick
- Published: Oct. 04, 2024
- Modified: Jun. 02, 2025
-
5.4 MEDIUM
CVE-2024-41513
A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.
Affected Products: cadclick
- Published: Oct. 04, 2024
- Modified: Jun. 02, 2025
-
8.8 HIGH
CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.
Affected Products: cadclick
- Published: Oct. 04, 2024
- Modified: Jun. 02, 2025
-
3.9 LOW
CVE-2024-41511
A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.
Affected Products: cadclick
- Published: Oct. 04, 2024
- Modified: Jun. 02, 2025
-
7.5 HIGH
CVE-2024-38040
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
5.4 MEDIUM
CVE-2024-38039
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change ...
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Oct. 15, 2024
-
6.1 MEDIUM
CVE-2024-38038
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
6.1 MEDIUM
CVE-2024-38037
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
5.4 MEDIUM
CVE-2024-38036
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s b...
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
4.8 MEDIUM
CVE-2024-25707
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript c...
- Published: Oct. 04, 2024
- Modified: Oct. 15, 2024
-
4.8 MEDIUM
CVE-2024-25702
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked co...
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
4.8 MEDIUM
CVE-2024-25701
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed wi...
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
4.8 MEDIUM
CVE-2024-25694
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which...
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
6.1 MEDIUM
CVE-2024-25691
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s bro...
Affected Products: portal_for_arcgis
- Published: Oct. 04, 2024
- Modified: Apr. 10, 2025
-
8.0 HIGH
CVE-2024-46486
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.
- Published: Oct. 04, 2024
- Modified: Aug. 15, 2025
-
5.4 MEDIUM
CVE-2024-46409
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.
Affected Products: seeddms
- Published: Oct. 04, 2024
- Modified: Jul. 03, 2025
-
7.5 HIGH
CVE-2024-47769
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is ...
Affected Products: idurar
- Published: Oct. 04, 2024
- Modified: Nov. 13, 2024
-
8.1 HIGH
CVE-2024-47768
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email an...
- Published: Oct. 04, 2024
- Modified: Nov. 13, 2024