Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.7

    HIGH
    CVE-2024-6662

    Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which w...

    Affected Products : megabip
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.0

    HIGH
    CVE-2024-57228

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-57227

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-57226

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57225

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57224

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57223

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2024-57222

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2024-54687

    Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.

    Affected Products : vtiger_crm
    • Published: Jan. 10, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2024-57214

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2024-57213

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2024-57212

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-57211

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 5.9

    MEDIUM
    CVE-2024-54849

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
  • 7.4

    HIGH
    CVE-2024-54848

    Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attack.

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
  • 5.9

    MEDIUM
    CVE-2024-54847

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
  • 5.9

    MEDIUM
    CVE-2024-54846

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack.

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
  • 9.8

    CRITICAL
    CVE-2025-22949

    Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.

    Affected Products : ac9_firmware ac9
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-22600

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in th...

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
  • 6.5

    MEDIUM
    CVE-2025-22599

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c paramet...

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291863 Results