Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2024-53561

    A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2024-57022

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2025-22619

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_permissoes.php` endpoint of the WeGIA application. This vulnerabili... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-22618

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability al... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-22617

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability al... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2024-53563

    A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-23081

    Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting... Read more

    Affected Products : mediawiki
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 0.0

    NONE
    CVE-2025-22616

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This ... Read more

    Affected Products :
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025

  • 0.0

    NONE
    CVE-2025-21607

    Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to mak... Read more

    Affected Products : vyper
    • Published: Jan. 14, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2025-0193

    A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administ... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-12297

    Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the pr... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2025-0437

    Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2025-0502

    Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, f... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-57764

    MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-57767

    MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-57766

    MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-57760

    JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-53681

    In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. ... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-54031

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle ker... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025

  • 0.0

    NONE
    CVE-2024-57795

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The followi... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
Showing 20 of 703 Results
© cvefeed.io
Latest DB Update: Jan. 15, 2025 19:02