Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2025-23079

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - ArticleFeedbackv5 ex...

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2024-54910

    Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function....

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-23078

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Breadcrumbs2 extension: f...

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2024-6880

    During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses t...

    Affected Products : megabip
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration
  • 8.7

    HIGH
    CVE-2024-6662

    Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which w...

    Affected Products : megabip
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.0

    HIGH
    CVE-2024-57228

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-57227

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-57226

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57225

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57224

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57223

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2024-57222

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function....

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2024-54687

    Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php....

    Affected Products : vtiger_crm
    • Published: Jan. 10, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2024-57214

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function....

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2024-57213

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function....

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2024-57212

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function....

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-57211

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function....

    Affected Products : a6000r_firmware a6000r
    • Published: Jan. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection
  • 5.9

    MEDIUM
    CVE-2024-54849

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack....

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
  • 7.4

    HIGH
    CVE-2024-54848

    Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute man-in-the-middle attacks....

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
  • 5.9

    MEDIUM
    CVE-2024-54847

    An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack....

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography
Showing 20 of 292827 Results