Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2024-13291

    Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.... Read more

    Affected Products : basic_http_authentication
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-2859

    By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 27, 2024
    • Modified: Sep. 02, 2025

  • 4.8

    MEDIUM
    CVE-2024-13292

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2.... Read more

    Affected Products : tooltip
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2024-13293

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products : post_file
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-13294

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products : post_file
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-13295

    Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.... Read more

    Affected Products : node_export
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-13298

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.... Read more

    Affected Products : tarte_au_citron
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-13299

    Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*.... Read more

    Affected Products : megamenu_framework
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 8.8

    HIGH
    CVE-2024-32878

    Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constr... Read more

    Affected Products : llama.cpp llama.cpp
    • Published: Apr. 26, 2024
    • Modified: Sep. 02, 2025

  • 6.6

    MEDIUM
    CVE-2024-13300

    Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*.... Read more

    Affected Products : print_anything
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-13301

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-13302

    Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3.... Read more

    Affected Products : pages_restriction_access
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-13303

    Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2.... Read more

    Affected Products : download_all_files
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-13310

    Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*.... Read more

    Affected Products : git_utilities
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 7.3

    HIGH
    CVE-2024-13311

    Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-13275

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.... Read more

    Affected Products : security_kit
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-13276

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.... Read more

    Affected Products : file_entity
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-13277

    Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1.... Read more

    Affected Products : smart_ip_ban
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-13278

    Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0.... Read more

    Affected Products : diff
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-13279

    Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.... Read more

    Affected Products : two-factor_authentication
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication
Showing 20 of 292811 Results