Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-55553

    In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for F... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-54767

    An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-54764

    An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-21616

    Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profi... Read more

    Affected Products : plane
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-54763

    An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2024-53936

    The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-53935

    The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.ca... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2024-53934

    The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent vi... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-53933

    The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-53932

    The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent v... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-53931

    The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.scree... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2024-51741

    Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redi... Read more

    Affected Products : redis
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-48457

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router ... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-48456

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router ... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-48455

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router ... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-46981

    Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.... Read more

    Affected Products : debian_linux redis
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2021-27285

    An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.... Read more

    Affected Products : clusterengine
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025

  • 8.1

    HIGH
    CVE-2024-55076

    Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-55075

    Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-21617

    Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. T... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Cryptography
Showing 20 of 293555 Results