Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.5

    MEDIUM
    CVE-2025-0733

    A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The comple...

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Misconfiguration
  • 4.5

    MEDIUM
    CVE-2025-0732

    A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs t...

    Affected Products : discord
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2024-26317

    In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker c...

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Cryptography
  • 7.8

    HIGH
    CVE-2024-12740

    Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a spec...

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Supply Chain
  • 9.1

    CRITICAL
    CVE-2025-22604

    Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part ...

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-0730

    A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument use...

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Jan. 27, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-0729

    A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to versio...

    Affected Products : tl-sg108e_firmware
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2024-57276

    In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service ...

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2024-57272

    SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS)....

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 28, 2025
  • 9.0

    CRITICAL
    CVE-2024-55228

    A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter....

    Affected Products : dolibarr_erp/crm
    • Published: Jan. 27, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.0

    CRITICAL
    CVE-2024-55227

    A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter....

    Affected Products : dolibarr_erp/crm
    • Published: Jan. 27, 2025
    • Modified: Feb. 19, 2025
  • 8.8

    HIGH
    CVE-2024-54146

    Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29....

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-54145

    Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29....

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-48420

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic....

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2024-48419

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of the...

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2024-48418

    In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of the user-provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary...

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 5.2

    MEDIUM
    CVE-2024-48417

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter....

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-48416

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding....

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2024-27256

    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensiti...

    • Published: Jan. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography
  • 6.0

    MEDIUM
    CVE-2024-45598

    Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside t...

    Affected Products : cacti
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291209 Results