Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 3.5

    CVSS31
    CVE-2024-6954

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site ...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6953

    A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sms.php. The manipulation of the argument customer leads to sql injection. The attack may be initi...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6952

    A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 5.9

    CVSS31
    CVE-2024-6961

    RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the S...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6951

    A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6950

    A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to co...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 7.5

    CVSS31
    CVE-2024-6960

    The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no ...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 4.3

    CVSS31
    CVE-2024-6949

    A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The a...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6948

    A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile ...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 4.7

    CVSS31
    CVE-2024-6947

    A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code inject...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 4.7

    CVSS31
    CVE-2024-6946

    A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated rem...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6945

    A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.3

    CVSS31
    CVE-2024-6944

    A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack m...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 9.8

    CVSS31
    CVE-2024-38438

    D-Link - CWE-294: Authentication Bypass by Capture-replay...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 9.8

    CVSS31
    CVE-2024-38437

    D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.1

    CVSS31
    CVE-2024-38436

    Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.5

    CVSS31
    CVE-2024-38435

    Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 5.9

    CVSS31
    CVE-2024-37522

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dario Curasì CC & BCC for Woocommerce Order Emails allows Stored XSS. This issue affects CC & BCC for Woocommerce Order Emails: from n/a through 1....

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.5

    CVSS31
    CVE-2024-37521

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS. This issue affects zBench: from n/a through 1.4.2....

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 6.5

    CVSS31
    CVE-2024-37519

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from ...

    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
Showing 20 of 124 Results