Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-55215

    An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register....

    Affected Products : trojan
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 8.0

    HIGH
    CVE-2024-57357

    An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'....

    Affected Products : tl-wpa8630_firmware tl-wpa8630
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1186

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initi...

    Affected Products : xunruicms
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2025-25205

    Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attacker...

    Affected Products : audiobookshelf
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2024-54792

    A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editin...

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.1

    CRITICAL
    CVE-2024-54794

    The script input feature of SpagoBI 3.5.1 allows arbitrary code execution....

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-54795

    SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function....

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-24420

    A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet....

    Affected Products : magma
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-24421

    A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet....

    Affected Products : magma
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-24717

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4....

    Affected Products : modal_window
    • Published: Jan. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.7

    MEDIUM
    CVE-2024-33297

    Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function...

    Affected Products : microweber cockpit
    • Published: Jan. 10, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-33298

    Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup...

    Affected Products : microweber cockpit
    • Published: Jan. 10, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2024-33299

    Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users...

    Affected Products : microweber cockpit
    • Published: Jan. 10, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-23082

    Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks....

    Affected Products : veeam_backup_for_microsoft_azure
    • Published: Jan. 14, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Server-Side Request Forgery
  • 4.8

    MEDIUM
    CVE-2024-53620

    A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter....

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 03, 2025
  • 4.8

    MEDIUM
    CVE-2024-35451

    LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF....

    Affected Products : linkstack
    • Published: Nov. 29, 2024
    • Modified: Jul. 03, 2025
  • 9.1

    CRITICAL
    CVE-2024-31668

    rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta....

    Affected Products : rizin
    • Published: Dec. 17, 2024
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-55239

    A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows an attacker to craft malicious URLs with arbitrary JavaScript in the 'titulo_documento' parameter....

    Affected Products : i-educar
    • Published: Dec. 18, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2024-11297

    The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated ...

    Affected Products : page_restriction
    • Published: Dec. 20, 2024
    • Modified: Jul. 03, 2025
  • 7.8

    HIGH
    CVE-2024-43077

    In DevmemValidateFlags of devicemem_server.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293655 Results