Latest CVE Feed
-
4.6
MEDIUM CVE-2024-47770
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has...
Affected Products: wazuh
- Published: Feb. 03, 2025
- Modified: Feb. 04, 2025
- Vuln Type: Authorization
-
7.8
HIGH CVE-2024-35177
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to ...
Affected Products: wazuh
- Published: Feb. 03, 2025
- Modified: Feb. 03, 2025
- Vuln Type: Authorization
-
8.8
HIGH CVE-2025-24962
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are...
Affected Products: rengine
- Published: Feb. 03, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection
-
6.0
MEDIUM CVE-2025-24961
org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. Ther...
Affected Products:
- Published: Feb. 03, 2025
- Modified: Feb. 03, 2025
- Vuln Type: Path Traversal
-
8.7
HIGH CVE-2025-24960
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admin(s), there is very l...
Affected Products:
- Published: Feb. 03, 2025
- Modified: Feb. 03, 2025
- Vuln Type: Path Traversal
-
1.0
LOW CVE-2025-24959
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rel...
Affected Products:
- Published: Feb. 03, 2025
- Modified: Feb. 03, 2025
- Vuln Type: Injection
-
7.5
HIGH CVE-2025-24899
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from othe...
Affected Products: rengine
- Published: Feb. 03, 2025
- Modified: May. 13, 2025
- Vuln Type: Information Disclosure
-
9.3
CRITICAL CVE-2025-24370
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to a Python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which c...
Affected Products: unicorn
- Published: Feb. 03, 2025
- Modified: Feb. 03, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH CVE-2025-22918
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 18, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGH CVE-2024-57451
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory....
- Published: Feb. 03, 2025
- Modified: May. 13, 2025
- Vuln Type: Path Traversal
-
8.1
HIGH CVE-2024-56903
Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to replace the POST request method with GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF att...
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGH CVE-2024-56902
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGH CVE-2024-56901
A Cross-Site Request Forgery (CSRF) vulnerability in the Geovision GV-ASWeb application, version 6.1.1.0 or less, allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain w...
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGH CVE-2024-56898
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low-privilege users to perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete ...
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 22, 2025
- Vuln Type: Authorization
-
6.1
MEDIUM CVE-2024-44449
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 19, 2025
-
7.5
HIGH CVE-2024-34897
Nedis SmartLife Android app v1.4.0 was discovered to contain an API key disclosure vulnerability....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 18, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGH CVE-2024-34896
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife iOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to the live video feed....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Mar. 14, 2025
- Vuln Type: Authorization
-
5.1
MEDIUM CVE-2023-52164
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUM CVE-2023-52163
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer....
Affected Products:
- Published: Feb. 03, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Injection
-
7.5
HIGH CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter....
Affected Products: veracore
- Actively Exploited
- Published: Feb. 03, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Injection