Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-54887

    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the r... Read more

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2024-54762

    Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.... Read more

    Affected Products : ruoyi
    • Published: Jan. 09, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-54761

    BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54724

    PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-46505

    Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-42898

    A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.... Read more

    Affected Products : nagios_xi
    • Published: Jan. 09, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13287

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1.... Read more

    Affected Products : views_svg_animation
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13286

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2.... Read more

    Affected Products : svg_embed
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-13285

    Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*.... Read more

    Affected Products : wkhtmltopdf
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 8.8

    HIGH
    CVE-2024-13284

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.... Read more

    Affected Products : gutenberg
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2024-13283

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9.... Read more

    Affected Products : facets
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-13282

    Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0.... Read more

    Affected Products : block_permissions
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-13281

    Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2.... Read more

    Affected Products : monster_menus
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-13280

    Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2.... Read more

    Affected Products : persistent_login
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13279

    Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.... Read more

    Affected Products : two-factor_authentication
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-13278

    Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0.... Read more

    Affected Products : diff
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-13277

    Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1.... Read more

    Affected Products : smart_ip_ban
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-13276

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.... Read more

    Affected Products : file_entity
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-13275

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.... Read more

    Affected Products : security_kit
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-13274

    Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.... Read more

    Affected Products : open_social
    • Published: Jan. 09, 2025
    • Modified: Jan. 14, 2025
Showing 20 of 293423 Results