Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-13276

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.... Read more

    Affected Products : file_entity
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-13277

    Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1.... Read more

    Affected Products : smart_ip_ban
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-13278

    Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0.... Read more

    Affected Products : diff
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-13279

    Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.... Read more

    Affected Products : two-factor_authentication
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13280

    Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2.... Read more

    Affected Products : persistent_login
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-13281

    Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2.... Read more

    Affected Products : monster_menus
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-13282

    Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0.... Read more

    Affected Products : block_permissions
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-13283

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9.... Read more

    Affected Products : facets
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-13284

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.... Read more

    Affected Products : gutenberg
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-13285

    Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*.... Read more

    Affected Products : wkhtmltopdf
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-13286

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2.... Read more

    Affected Products : svg_embed
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13287

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1.... Read more

    Affected Products : views_svg_animation
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13288

    Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.... Read more

    Affected Products : monster_menus
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-13289

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18.... Read more

    Affected Products : cookiebot_\+_gtm
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-9250

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument h... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9251

    A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the ... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9252

    A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePas... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9253

    A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecify... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9249

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation o... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9248

    A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulat... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292795 Results