Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-50857

    The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-48760

    An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2024-45102

    A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.... Read more

    Affected Products : xclarity_administrator
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2024-10254

    A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.... Read more

    Affected Products : pcmanager app_store browser
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2024-10253

    A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.... Read more

    Affected Products : pcmanager app_store browser
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-23019

    IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.... Read more

    Affected Products : ipv6
    • Published: Jan. 14, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-23018

    IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-... Read more

    Affected Products : ipv6
    • Published: Jan. 14, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-21139

    Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : substance_3d_designer
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21138

    Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_designer
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21137

    Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : substance_3d_designer
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21136

    Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_designer
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21135

    Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t... Read more

    Affected Products : macos windows animate
    • Published: Jan. 14, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-55945

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.0

    HIGH
    CVE-2024-55924

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-55923

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-55922

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2024-55921

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-55920

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-55894

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-55893

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291358 Results