Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11132

    The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent... Read more

    Affected Products : eventer eventer
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-57238

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-57237

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Typ... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-57004

    Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-50656

    itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.... Read more

    Affected Products : placement_management_system
    • Published: Feb. 03, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-12510

    If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-24898

    rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations wh... Read more

    Affected Products : openssl rust-openssl
    • Published: Feb. 03, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 4.2

    MEDIUM
    CVE-2024-57967

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.... Read more

    Affected Products : privileged_access_manager
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-57175

    A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Feb. 03, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-56161

    Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-54840

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.... Read more

    Affected Products : privileged_access_manager
    • Published: Feb. 03, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-53943

    An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current u... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-53942

    An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on t... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-36437

    The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.an... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-55456

    lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell... Read more

    Affected Products : lunasvg
    • Published: Feb. 03, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-49843

    Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-49840

    Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-49839

    Memory corruption during management frame processing due to mismatch in T2LM info element.... Read more

    • Published: Feb. 03, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2024-49838

    Information disclosure while parsing the OCI IE with invalid length.... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-49837

    Memory corruption while reading CPU state data during guest VM suspend.... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291562 Results