Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-56733

    Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing sess... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 5.7

    MEDIUM
    CVE-2024-30629

    Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function.... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Mar. 29, 2024
    • Modified: Mar. 13, 2025

  • 5.7

    MEDIUM
    CVE-2023-0028

    Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+. ... Read more

    Affected Products : twake
    • Published: Jan. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-32312

    Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function.... Read more

    Affected Products : f1203_firmware f1203
    • Published: Apr. 17, 2024
    • Modified: Mar. 17, 2025

  • 5.7

    MEDIUM
    CVE-2024-3059

    The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack... Read more

    Affected Products : enl-newsletter
    • Published: Apr. 26, 2024
    • Modified: May. 07, 2025

  • 5.7

    MEDIUM
    CVE-2019-19754

    HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that th... Read more

    Affected Products :
    • Published: Apr. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-36255

    Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post acti... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-36094

    It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.... Read more

    Affected Products : otrs
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-35494

    The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition,... Read more

    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-41278

    Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in Ed... Read more

    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-8043

    The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : vikinghammer_tweet
    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024

  • 5.7

    MEDIUM
    CVE-2022-24926

    Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.... Read more

    Affected Products : smarttagplugin
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-9539

    An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishin... Read more

    Affected Products : enterprise_server
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 5.7

    MEDIUM
    CVE-2024-46988

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with infor... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 5.7

    MEDIUM
    CVE-2024-51521

    Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 05, 2024
    • Modified: Nov. 07, 2024

  • 5.7

    MEDIUM
    CVE-2024-51006

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2024-52023

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52025

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST requ... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-8978

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.7

    MEDIUM
    CVE-2024-52711

    DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter.... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Nov. 19, 2024
    • Modified: Jun. 04, 2025
Showing 20 of 294836 Results