Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-40500

    Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.... Read more

    Affected Products : i-librarian
    • Published: Aug. 12, 2024
    • Modified: Aug. 21, 2024

  • 9.0

    CRITICAL
    CVE-2024-35540

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : typecho
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-42369

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in... Read more

    Affected Products : javascript_sdk
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.7

    HIGH
    CVE-2024-6378

    A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8003

    A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The... Read more

    Affected Products : gotribe-admin
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8005

    A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is p... Read more

    Affected Products : gf_cms
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-30949

    An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.... Read more

    Affected Products : newlib
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-7945

    A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation... Read more

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-7944

    A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is... Read more

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-42577

    A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.... Read more

    Affected Products : warehouse_inventory_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 7.5

    HIGH
    CVE-2024-7841

    A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection.... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 21, 2024

  • 6.9

    MEDIUM
    CVE-2024-7929

    A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. This affects an unknown part of the file /registration.php of the component Signup Page. The manipulation of the argument username leads to cross s... Read more

    Affected Products : simple_forum_website
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 8.8

    HIGH
    CVE-2024-7930

    A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql in... Read more

    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7946

    A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file register.php of the component User Signup. The manipulation of the argument ... Read more

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7947

    A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible t... Read more

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-42335

    7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : bot
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42566

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42567

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42570

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42574

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
Showing 20 of 291368 Results