Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-57034

    WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-57032

    WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-57031

    WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 24, 2025

  • 8.1

    HIGH
    CVE-2024-57030

    Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Apr. 09, 2025

  • 7.1

    HIGH
    CVE-2024-52870

    Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-13026

    A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2025-0535

    A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to init... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-0534

    A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username lea... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-0533

    A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument una... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-0532

    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible ... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025

  • 8.7

    HIGH
    CVE-2025-0430

    Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 8.8

    HIGH
    CVE-2024-12757

    Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 3.5

    LOW
    CVE-2024-54681

    Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 5.6

    MEDIUM
    CVE-2024-53683

    A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the in... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 4.3

    MEDIUM
    CVE-2024-45832

    Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-26157

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the clie... Read more

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2024-26156

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and ref... Read more

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-26155

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection ... Read more

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-26154

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few differen... Read more

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025

  • 7.4

    HIGH
    CVE-2024-26153

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requir... Read more

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291162 Results