Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-22604

    Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part ... Read more

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-0730

    A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument use... Read more

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Jan. 27, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-0729

    A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to versio... Read more

    Affected Products : tl-sg108e_firmware
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2024-57276

    In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service ... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-57272

    SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 28, 2025

  • 9.0

    CRITICAL
    CVE-2024-55228

    A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jan. 27, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2024-55227

    A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jan. 27, 2025
    • Modified: Feb. 19, 2025

  • 8.8

    HIGH
    CVE-2024-54146

    Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.... Read more

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-54145

    Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.... Read more

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-48420

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-48419

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of the... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2024-48418

    In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 5.2

    MEDIUM
    CVE-2024-48417

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-48416

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-27256

    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensiti... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography

  • 6.0

    MEDIUM
    CVE-2024-45598

    Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside t... Read more

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-38325

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain s... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-38320

    IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informa... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2024-37527

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    • Published: Jan. 27, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-22316

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.... Read more

    Affected Products : sterling_file_gateway
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
Showing 20 of 291205 Results