Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-43776

    SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-43775

    SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-43774

    SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43773

    SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.1

    CRITICAL
    CVE-2024-45588

    This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating para... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.1

    CRITICAL
    CVE-2024-45587

    This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulat... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.2

    CRITICAL
    CVE-2024-45586

    This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulati... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-44946

    In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Th... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-43884

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding e... Read more

    Affected Products : linux_kernel
    • Published: Aug. 26, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-43853

    In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 04, 2024

  • 7.8

    HIGH
    CVE-2024-42314

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43772

    SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 6.9

    MEDIUM
    CVE-2024-8366

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argum... Read more

    • Published: Aug. 31, 2024
    • Modified: Sep. 04, 2024

  • 8.8

    HIGH
    CVE-2024-8344

    A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection.... Read more

    Affected Products : supplier_management_system
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024

  • 8.8

    HIGH
    CVE-2024-41226

    A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client si... Read more

    Affected Products : automation_360
    • Published: Aug. 06, 2024
    • Modified: Sep. 03, 2024

  • 6.7

    MEDIUM
    CVE-2024-39579

    Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.... Read more

    Affected Products : powerscale_onefs
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 6.3

    MEDIUM
    CVE-2024-39578

    Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.... Read more

    Affected Products : powerscale_onefs
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-5212

    The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_for... Read more

    Affected Products : tagdiv_composer composer
    • Published: Aug. 31, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7936

    A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7937

    A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack ... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024
Showing 20 of 290184 Results