Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-56901

    A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain w... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2024-56898

    Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete ... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-44449

    Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 19, 2025

  • 7.5

    HIGH
    CVE-2024-34897

    Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-34896

    An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2023-52164

    access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2023-52163

    Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-25181

    A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.... Read more

    Affected Products : veracore
    • Actively Exploited
    • Published: Feb. 03, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-25065

    SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 03, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-25064

    SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerabilit... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 03, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22978

    eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.... Read more

    Affected Products : eladmin
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2024-57968

    Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.... Read more

    Affected Products : veracore
    • Actively Exploited
    • Published: Feb. 03, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-57669

    Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2024-57498

    Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.... Read more

    Affected Products : forestblog
    • Published: Feb. 03, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-57452

    ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-57450

    ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57099

    ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the se... Read more

    Affected Products : classcms classcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57098

    Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-57097

    ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.... Read more

    Affected Products : classcms classcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-56946

    Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.... Read more

    Affected Products : dnsserver
    • Published: Feb. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291368 Results