Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-56946

    Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads....

    Affected Products : dnsserver
    • Published: Feb. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-56921

    An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response....

    Affected Products : open5gs
    • Published: Feb. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2024-12859

    The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-...

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Path Traversal
  • 7.6

    HIGH
    CVE-2024-12511

    With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access....

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2024-11134

    The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers w...

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2024-11133

    The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers...

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2024-11132

    The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.3

    HIGH
    CVE-2024-57238

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter....

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2024-57237

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Typ...

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-57004

    Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session....

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-50656

    itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php....

    Affected Products : placement_management_system
    • Published: Feb. 03, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.7

    MEDIUM
    CVE-2024-12510

    If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup....

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-24898

    rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations wh...

    Affected Products : openssl rust-openssl
    • Published: Feb. 03, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
  • 4.2

    MEDIUM
    CVE-2024-57967

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping....

    Affected Products : privileged_access_manager
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-57175

    A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php....

    Affected Products : online_birth_certificate_system
    • Published: Feb. 03, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2024-56161

    Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV...

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2024-54840

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection....

    Affected Products : privileged_access_manager
    • Published: Feb. 03, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2024-53943

    An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current u...

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-53942

    An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on t...

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-36437

    The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.an...

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authorization
Showing 20 of 291269 Results