Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-46209

    A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.... Read more

    Affected Products : redaxo
    • Published: Jan. 06, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-35498

    A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : grav
    • Published: Jan. 06, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-56828

    File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method f... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Jan. 06, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-55629

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications... Read more

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-55628

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly ... Read more

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-55627

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization wit... Read more

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-55626

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has ... Read more

    Affected Products : suricata
    • Published: Jan. 06, 2025
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-55529

    Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.... Read more

    Affected Products : z-blogphp
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-54880

    SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.... Read more

    Affected Products : seacms
    • Published: Jan. 06, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-54879

    SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.... Read more

    Affected Products : seacms
    • Published: Jan. 06, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-46622

    An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-46073

    A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An at... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-21618

    NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-21615

    AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-21614

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing ... Read more

    Affected Products : go-git
    • Published: Jan. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-21613

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary value... Read more

    Affected Products : go-git
    • Published: Jan. 06, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-56769

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025

  • 5.5

    MEDIUM
    CVE-2024-56768

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavai... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-56767

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the le... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56766

    In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user... Read more

    Affected Products : linux_kernel
    • Published: Jan. 06, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293592 Results