Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-13195

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2024-13194

    A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched... Read more

    Affected Products : sucms
    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-0283

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.... Read more

    • Published: Jan. 08, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-0282

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execu... Read more

    • Actively Exploited
    • Published: Jan. 08, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-13193

    A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection... Read more

    Affected Products : semcms
    • Published: Jan. 08, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-13192

    A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is pos... Read more

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-13191

    A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to... Read more

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-22145

    Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows incl... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Path Traversal

  • 3.4

    LOW
    CVE-2024-54010

    A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be success... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Misconfiguration

  • 1.9

    LOW
    CVE-2024-53995

    SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the ... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2024-52869

    Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 ... Read more

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-13190

    A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The a... Read more

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-12431

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.... Read more

    Affected Products : gitlab
    • Published: Jan. 08, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-22143

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the ... Read more

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-0194

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests w... Read more

    Affected Products : gitlab
    • Published: Jan. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-13189

    A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the att... Read more

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2025-22141

    WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands,... Read more

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-22140

    WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitr... Read more

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-22139

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the... Read more

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-0291

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 08, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293493 Results