Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-4349

    A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to u... Read more

    Affected Products : pisay_online_e-learning_system
    • Published: Apr. 30, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-4308

    SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-48956

    Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Aug. 27, 2025

  • 7.2

    HIGH
    CVE-2024-48889

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and Fo... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Dec. 18, 2024
    • Modified: Aug. 27, 2025

  • 7.0

    HIGH
    CVE-2024-47975

    Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Aug. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-45965

    Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.... Read more

    Affected Products : contao
    • Published: Oct. 02, 2024
    • Modified: Aug. 27, 2025

  • 5.5

    MEDIUM
    CVE-2024-45673

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be... Read more

    • Published: Feb. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-43176

    IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.... Read more

    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-42471

    actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractE... Read more

    • Published: Sep. 02, 2024
    • Modified: Aug. 27, 2025

  • 7.1

    HIGH
    CVE-2024-41974

    A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41973

    A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-41972

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41971

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2024-41970

    A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-41968

    A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41967

    A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-3911

    An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.  ... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2024-3130

    Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app ... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-3088

    A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument u... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 30, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-3052

    Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.... Read more

    Affected Products : z\/ip_gateway_sdk
    • Published: Apr. 26, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 293418 Results