Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41369

    RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php... Read more

    Affected Products : phoniebox
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8341

    A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The atta... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8340

    A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8339

    A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8336

    A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sq... Read more

    Affected Products : music_gallery_site
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41372

    Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.... Read more

    Affected Products : organizr
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41371

    Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php.... Read more

    Affected Products : organizr
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41370

    Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.... Read more

    Affected Products : organizr
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41351

    bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php... Read more

    Affected Products : bjyadmin
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41350

    bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php... Read more

    Affected Products : bjyadmin
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41348

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41347

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41346

    openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php... Read more

    Affected Products : openflights
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43965

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.... Read more

    Affected Products : sendgrid
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-6671

    In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.... Read more

    Affected Products : whatsup_gold
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8389

    Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.... Read more

    Affected Products : firefox
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-44921

    SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.... Read more

    Affected Products : seacms
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-44920

    A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.... Read more

    Affected Products : seacms
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-8380

    A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulatio... Read more

    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 8.7

    HIGH
    CVE-2024-8004

    A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience 3dexperience_enovia
    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024
Showing 20 of 291906 Results