Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-21490

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... Read more

    Affected Products : debian_linux mysql_server
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-21489

    Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-57545

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (hidden_dhcp_num) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57544

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (lan_ipaddr) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-57543

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (dhcpstart_ip) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-57542

    Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-57541

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (ipv6_protect_status) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-57540

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (action) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2024-57539

    Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-57538

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (anonymous_protect_status) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2024-57537

    Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (page) is copied to the stack without length verification.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2024-57536

    Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status.... Read more

    Affected Products : e8450_firmware e8450
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-57360

    https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-55959

    Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-55958

    Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-48392

    OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-21245

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with networ... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Jan. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-24024

    Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enab... Read more

    Affected Products : mjolnir
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-42936

    The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.... Read more

    Affected Products : reyee_os rg-ew300n
    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2023-45908

    Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notebook widget.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291170 Results