Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-13192

    A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is pos...

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-13191

    A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to...

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-22145

    Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in a folder that allows incl...

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Path Traversal
  • 3.4

    LOW
    CVE-2024-54010

    A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be success...

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Misconfiguration
  • 1.9

    LOW
    CVE-2024-53995

    SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the ...

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication
  • 6.0

    MEDIUM
    CVE-2024-52869

    Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 ...

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-13190

    A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The a...

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2024-12431

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects....

    Affected Products : gitlab
    • Published: Jan. 08, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2025-22143

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the ...

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-0194

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests w...

    Affected Products : gitlab
    • Published: Jan. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2024-13189

    A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the att...

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization
  • 9.4

    CRITICAL
    CVE-2025-22141

    WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection
  • 9.4

    CRITICAL
    CVE-2025-22140

    WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitr...

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-22139

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the...

    Affected Products : wegia
    • Published: Jan. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-0291

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome edge_chromium
    • Published: Jan. 08, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2024-54818

    SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list....

    • Published: Jan. 08, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2024-53526

    composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function....

    Affected Products : composio
    • Published: Jan. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2024-13188

    A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to ...

    Affected Products : escan_anti-virus
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-21111

    Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure....

    • Published: Jan. 08, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Cryptography
  • 6.5

    MEDIUM
    CVE-2024-6350

    A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically....

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293508 Results