Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-43963

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6... Read more

    Affected Products : yellowpencil
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.1

    CRITICAL
    CVE-2024-45436

    extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.... Read more

    Affected Products : ollama
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 6.1

    MEDIUM
    CVE-2024-41918

    'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent ... Read more

    Affected Products : ichiba
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 7.2

    HIGH
    CVE-2024-41236

    A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page... Read more

    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-34195

    TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to poten... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 8.0

    HIGH
    CVE-2024-42793

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.... Read more

    Affected Products : music_management_system
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 7.6

    HIGH
    CVE-2024-43805

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using Jupy... Read more

    Affected Products : notebook jupyterlab
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 8.8

    HIGH
    CVE-2024-8193

    Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29723

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/co... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29724

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29725

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ap... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29726

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ap... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29728

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/a... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29729

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ap... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29730

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:  https://XXXXXXX.saludydesafio.com/a... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29731

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:  https://XXXXXXX.saludydesafio.com/a... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-4428

    Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.... Read more

    Affected Products : managment_portal
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-29727

    SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/a... Read more

    Affected Products : sportsnet
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-8294

    A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload... Read more

    Affected Products : feehicms
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-8295

    A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrest... Read more

    Affected Products : feehicms
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
Showing 20 of 290171 Results