Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-22978

    eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.... Read more

    Affected Products : eladmin
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2024-57968

    Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.... Read more

    Affected Products : veracore
    • Actively Exploited
    • Published: Feb. 03, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-57669

    Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2024-57498

    Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.... Read more

    Affected Products : forestblog
    • Published: Feb. 03, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-57452

    ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-57450

    ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57099

    ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the se... Read more

    Affected Products : classcms classcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57098

    Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-57097

    ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.... Read more

    Affected Products : classcms classcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-56946

    Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.... Read more

    Affected Products : dnsserver
    • Published: Feb. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-56921

    An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.... Read more

    Affected Products : open5gs
    • Published: Feb. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-12859

    The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Path Traversal

  • 7.6

    HIGH
    CVE-2024-12511

    With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-11134

    The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers w... Read more

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-11133

    The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers... Read more

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-11132

    The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent... Read more

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-57238

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-57237

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Typ... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-57004

    Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-50656

    itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.... Read more

    Affected Products : placement_management_system
    • Published: Feb. 03, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291358 Results