Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-57224

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57223

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-57222

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-54687

    Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.... Read more

    Affected Products : vtiger_crm
    • Published: Jan. 10, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2024-57214

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.... Read more

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-57213

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.... Read more

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2024-57212

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.... Read more

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-57211

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.... Read more

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2024-54849

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography

  • 7.4

    HIGH
    CVE-2024-54848

    Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography

  • 5.9

    MEDIUM
    CVE-2024-54847

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography

  • 5.9

    MEDIUM
    CVE-2024-54846

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-22949

    Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-22600

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in th... Read more

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025

  • 6.5

    MEDIUM
    CVE-2025-22599

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c paramet... Read more

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-22598

    WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the loca... Read more

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-22597

    WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the ... Read more

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-22596

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the m... Read more

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-22152

    Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities c... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-56511

    DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.... Read more

    Affected Products : dataease
    • Published: Jan. 10, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication
Showing 20 of 291878 Results