Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    CVSS31
    CVE-2023-29117

    Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system....

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-51023

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request....

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-48878

    Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report....

    Affected Products : manageengine_admanager_plus
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-50332

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Use...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2023-34444

    Combodo iTop is a simple, web-based IT Service Management tool. When displaying pages/ajax.searchform.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. The...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2023-34445

    Combodo iTop is a simple, web-based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There a...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-10711

    The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unau...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-31448

    Combodo iTop is a simple, web-based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2023-34443

    Combodo iTop is a simple, web-based IT Service Management tool. When displaying the Run queries page, Cross-site Scripting (XSS) is possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgr...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-49772

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-30616

    Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity....

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024
  • 8.8

    CVSS31
    CVE-2024-31998

    Combodo iTop is a simple, web-based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerabilit...

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.5

    CVSS31
    CVE-2024-51408

    AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials....

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024
  • 8.5

    CVSS31
    CVE-2024-51626

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1....

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 04, 2024
  • 8.4

    CVSS31
    CVE-2024-47797

    OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate common permissions to root and leak sensitive information through an out-of-bounds write....

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.4

    CVSS31
    CVE-2024-47137

    OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate common permissions to root and leak sensitive information through an out-of-bounds write....

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.4

    CVSS31
    CVE-2024-47404

    OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate common permissions to root and leak sensitive information through a double free....

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.4

    CVSS31
    CVE-2024-48336

    The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app...

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 04, 2024
  • 8.3

    CVSS31
    CVE-2024-9459

    Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module....

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024
  • 8.2

    CVSS31
    CVE-2024-38408

    Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions....

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 04, 2024
Showing 20 of 348 Results
Latest DB Update: Nov. 06, 2024 7:14