Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-22997

    A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Jan. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-22996

    A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Jan. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-57767

    MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.... Read more

    Affected Products : mysiteforme
    • Published: Jan. 15, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2024-57766

    MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.... Read more

    Affected Products : mysiteforme
    • Published: Jan. 15, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-57765

    MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.... Read more

    Affected Products : mysiteforme
    • Published: Jan. 15, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2024-57764

    MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.... Read more

    Affected Products : mysiteforme
    • Published: Jan. 15, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-57763

    MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.... Read more

    Affected Products : mysiteforme
    • Published: Jan. 15, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-57762

    MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.... Read more

    Affected Products : mysiteforme
    • Published: Jan. 15, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2024-57761

    An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-57760

    JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.... Read more

    Affected Products : jeewms
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-57757

    JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.... Read more

    Affected Products : jeewms
    • Published: Jan. 15, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-57483

    Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.... Read more

    Affected Products : i24_firmware i24
    • Published: Jan. 14, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57473

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary co... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-54730

    Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Denial of Service

  • 9.0

    CRITICAL
    CVE-2024-54142

    Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a oneb... Read more

    Affected Products : ai
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-53277

    Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages incl... Read more

    Affected Products : framework
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-47605

    silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replaci... Read more

    Affected Products : framework
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2024-42911

    ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57482

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute a... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57480

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary comma... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291562 Results