Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-46464

    In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-28354

    An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pa... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-55226

    Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55225

    An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-55224

    An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2024-48806

    Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2024-13312

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.... Read more

    Affected Products : open_social
    • Published: Jan. 09, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-13311

    Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-13310

    Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*.... Read more

    Affected Products : git_utilities
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-13309

    Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1.... Read more

    Affected Products : login_disable
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2024-13308

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13305

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).This issue affects Entity Form Steps: from 0.0.0 before 1.1.4.... Read more

    Affected Products : entity_form_steps
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2024-13304

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.... Read more

    Affected Products : minify_js
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2024-13303

    Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2.... Read more

    Affected Products : download_all_files
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-13302

    Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3.... Read more

    Affected Products : pages_restriction_access
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-13301

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-13300

    Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*.... Read more

    Affected Products : print_anything
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 6.6

    MEDIUM
    CVE-2024-13299

    Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*.... Read more

    Affected Products : megamenu_framework
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 4.8

    MEDIUM
    CVE-2024-13298

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.... Read more

    Affected Products : tarte_au_citron
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2024-13297

    Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15.... Read more

    Affected Products : eloqua
    • Published: Jan. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
Showing 20 of 292815 Results