Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-54996

    MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.... Read more

    Affected Products : monica
    • Published: Jan. 10, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-54994

    MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.... Read more

    Affected Products : monica
    • Published: Jan. 10, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2024-6437

    On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options m... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2024-33299

    Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users... Read more

    Affected Products : microweber cockpit
    • Published: Jan. 10, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-33298

    Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup... Read more

    Affected Products : microweber cockpit
    • Published: Jan. 10, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-33297

    Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function... Read more

    Affected Products : microweber cockpit
    • Published: Jan. 10, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-12847

    NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulner... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-23079

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - ArticleFeedbackv5 ex... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-54910

    Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-23078

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Breadcrumbs2 extension: f... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2024-6880

    During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.  Publicly available source code of "/registered.php" discloses t... Read more

    Affected Products : megabip
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2024-6662

    Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which w... Read more

    Affected Products : megabip
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.0

    HIGH
    CVE-2024-57228

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-57227

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-57226

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57225

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57224

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57223

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-57222

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-54687

    Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.... Read more

    Affected Products : vtiger_crm
    • Published: Jan. 10, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291794 Results