Latest CVE Feed

6.5 MEDIUM CVE-2024-13190
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The a...
- Affected Products: myblog
- Published: Jan. 08, 2025
- Modified: Jan. 08, 2025
- Vuln Type: Injection

4.3 MEDIUM CVE-2024-12431
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects....
- Affected Products: gitlab
- Published: Jan. 08, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authorization

6.4 MEDIUM CVE-2025-22143
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the ...
- Affected Products: wegia
- Published: Jan. 08, 2025
- Modified: Feb. 13, 2025
- Vuln Type: Cross-Site Scripting

6.5 MEDIUM CVE-2025-0194
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests w...
- Affected Products: gitlab
- Published: Jan. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Information Disclosure

9.8 CRITICAL CVE-2024-13189
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the att...
- Affected Products: myblog
- Published: Jan. 08, 2025
- Modified: May. 28, 2025
- Vuln Type: Authorization

9.4 CRITICAL CVE-2025-22141
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
- Affected Products: wegia
- Published: Jan. 08, 2025
- Modified: Apr. 09, 2025
- Vuln Type: Injection

9.4 CRITICAL CVE-2025-22140
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitr...
- Affected Products: wegia
- Published: Jan. 08, 2025
- Modified: Apr. 09, 2025
- Vuln Type: Injection

6.4 MEDIUM CVE-2025-22139
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the...
- Affected Products: wegia
- Published: Jan. 08, 2025
- Modified: Apr. 09, 2025
- Vuln Type: Cross-Site Scripting

8.8 HIGH CVE-2025-0291
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)...
- Published: Jan. 08, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Memory Corruption

8.8 HIGH CVE-2024-54818
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list....
- Affected Products: computer_laboratory_management_system
- Published: Jan. 08, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Authorization

6.4 MEDIUM CVE-2024-53526
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function....
- Affected Products: composio
- Published: Jan. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Injection

5.3 MEDIUM CVE-2024-13188
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to ...
- Affected Products: escan_anti-virus
- Published: Jan. 08, 2025
- Modified: Jan. 08, 2025
- Vuln Type: Misconfiguration

7.5 HIGH CVE-2025-21111
Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure....
- Published: Jan. 08, 2025
- Modified: Jan. 24, 2025
- Vuln Type: Cryptography

6.5 MEDIUM CVE-2024-6350
A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically....
- Affected Products:
- Published: Jan. 08, 2025
- Modified: Jan. 08, 2025
- Vuln Type: Denial of Service

5.5 MEDIUM CVE-2024-56787
In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx...
- Affected Products: linux_kernel
- Published: Jan. 08, 2025
- Modified: Jan. 09, 2025

5.5 MEDIUM CVE-2024-56785
In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/...
- Affected Products: linux_kernel
- Published: Jan. 08, 2025
- Modified: Jan. 09, 2025

7.8 HIGH CVE-2024-56784
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in...
- Affected Products: linux_kernel
- Published: Jan. 08, 2025
- Modified: Jan. 09, 2025
- Vuln Type: Memory Corruption

5.5 MEDIUM CVE-2024-56783
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonab...
- Affected Products: linux_kernel
- Published: Jan. 08, 2025
- Modified: Jan. 09, 2025
- Vuln Type: Misconfiguration

5.5 MEDIUM CVE-2024-56782
In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL, dereferencing it unconditionally. Add a check for adev being ...
- Affected Products: linux_kernel
- Published: Jan. 08, 2025
- Modified: Jan. 09, 2025
- Vuln Type: Misconfiguration

5.5 MEDIUM CVE-2024-56781
In the Linux kernel, the following vulnerability has been resolved: powerpc/prom_init: Fixup missing powermac #size-cells On some powermacs `escc` nodes are missing `#size-cells` properties, which is deprecated and now triggers a warning at boot since c...
- Affected Products: linux_kernel
- Published: Jan. 08, 2025
- Modified: Jan. 09, 2025
- Vuln Type: Misconfiguration