Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-57680

    An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request....

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-57679

    An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request....

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-57678

    An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request....

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-57677

    An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request....

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-57676

    An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request....

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-52594

    Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advis...

    Affected Products : gomatrixserverlib
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Server-Side Request Forgery
  • 6.5

    MEDIUM
    CVE-2025-20072

    Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input....

    Affected Products : mattermost_server mattermost
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Denial of Service
  • 4.6

    MEDIUM
    CVE-2024-57776

    A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-57775

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2024-57774

    A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
  • 4.8

    MEDIUM
    CVE-2024-57773

    A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-57772

    A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-57771

    A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-57770

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57769

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57768

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 0.0

    NONE
    CVE-2024-50633

    A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentiona...

    Affected Products : indico
    • Published: Jan. 16, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization
  • 7.2

    HIGH
    CVE-2024-41746

    IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d...

    Affected Products : linux_kernel cics_tx
    • Published: Jan. 16, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 2.6

    LOW
    CVE-2024-37181

    Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access....

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Race Condition
  • 5.3

    MEDIUM
    CVE-2025-0518

    Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c . This issue a...

    Affected Products : ffmpeg
    • Published: Jan. 16, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption