Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2025-23037

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows att... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2024-53263

    Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and ... Read more

    Affected Products : git_large_file_storage
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-22984

    An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-22983

    An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2024-53561

    A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2024-53563

    A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-23081

    Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-21607

    Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to mak... Read more

    Affected Products : vyper
    • Published: Jan. 14, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-52006

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and G... Read more

    Affected Products : git
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2024-50349

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential h... Read more

    Affected Products : git
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-23042

    Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter ca... Read more

    Affected Products : gradio
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-23072

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - RefreshSpecial Extensio... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-23074

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-23073

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Ext... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-46310

    Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2024-46921

    An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedur... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-22142

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a s... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-23027

    next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-22144

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved b... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-22138

    @codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or ano... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
Showing 20 of 685 Results
© cvefeed.io
Latest DB Update: Jan. 15, 2025 16:58