Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.6

    MEDIUM
    CVE-2025-23040

    GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of malicio...

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-0502

    Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. This issue affects CrafterCMS: from 4.0.0 before 4.0.8, f...

    Affected Products : craftercms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Information Disclosure
  • 5.3

    MEDIUM
    CVE-2025-0480

    A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It i...

    Affected Products : wuzhicms
    • Published: Jan. 15, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.5

    HIGH
    CVE-2024-52005

    Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed wit...

    Affected Products : git
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-21083

    Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post....

    Affected Products : mattermost_server mattermost
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-20088

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post....

    Affected Products : mattermost_server mattermost
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-20086

    Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post....

    Affected Products : mattermost_server mattermost
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-20036

    Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post....

    Affected Products : mattermost_server mattermost
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Denial of Service
  • 8.2

    HIGH
    CVE-2024-7085

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauth...

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.8

    MEDIUM
    CVE-2024-57025

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 6.8

    MEDIUM
    CVE-2024-57024

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 6.8

    MEDIUM
    CVE-2024-57023

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57022

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57021

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57020

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57019

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57018

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57017

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57016

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-57015

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg....

    Affected Products : x5000r_firmware x5000r
    • Published: Jan. 15, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection