Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    CVSS31
    CVE-2024-52794

    Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this v... Read more

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 2.2

    CVSS31
    CVE-2024-52589

    Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to ... Read more

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.3

    CVSS31
    CVE-2024-49765

    Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest... Read more

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 8.0

    CVSS31
    CVE-2024-12111

    In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5)... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 8.6

    CVSS31
    CVE-2024-56200

    Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the ... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 0.0

    NONE
    CVE-2024-55196

    Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.7

    CVSS31
    CVE-2020-6923

    The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.2

    CVSS31
    CVE-2024-52897

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.3

    CVSS31
    CVE-2024-51471

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    CVSS31
    CVE-2024-49336

    IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.5

    CVSS31
    CVE-2024-38819

    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to t... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.3

    CVSS31
    CVE-2024-12794

    A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to ... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 4.3

    CVSS31
    CVE-2024-12793

    A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path tra... Read more

    Affected Products : pbootcms
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.3

    CVSS31
    CVE-2024-12792

    A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launche... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.3

    CVSS31
    CVE-2024-12791

    A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotel... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 155 Results
© cvefeed.io
Latest DB Update: Dec. 21, 2024 17:46