Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2024-13299

    Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-13298

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-13297

    Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2024-13296

    Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2024-13295

    Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-13294

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2024-13293

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-13292

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-13291

    Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-13290

    Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-13289

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13288

    Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-56114

    Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to su... Read more

    Affected Products : canlineapp
    • Published: Jan. 09, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-56113

    Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-55494

    A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontro... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-54887

    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the r... Read more

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2024-54762

    Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.... Read more

    Affected Products : ruoyi
    • Published: Jan. 09, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-54761

    BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54724

    PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-46505

    Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 23, 2025
Showing 20 of 291878 Results