Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2018-3908

    An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-36621

    An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing....

    Affected Products : boomerang
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-3279

    An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database fi...

    Affected Products : anythingllm
    • Published: Aug. 12, 2024
    • Modified: Jul. 10, 2025
  • 9.1

    CRITICAL
    CVE-2025-50251

    Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery....

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.1

    CRITICAL
    CVE-2025-23327

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering...

    • Published: Aug. 06, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2025-8729

    A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. The manipulation of the argument task_id leads to path tr...

    Affected Products : lmeterx
    • Published: Aug. 08, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2023-32174

    Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to...

    Affected Products : uagateway
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 9.1

    CRITICAL
    CVE-2025-6087

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary ...

    • Published: Jun. 16, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.1

    CRITICAL
    CVE-2023-20154

    A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain me...

    Affected Products : modeling_labs
    • Published: Nov. 15, 2024
    • Modified: Aug. 05, 2025
  • 9.1

    CRITICAL
    CVE-2024-8551

    A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially lead...

    Affected Products : agentscope
    • Published: Mar. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2025-53882

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to send SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2....

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2024-4253

    A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized ...

    Affected Products : gradio video
    • Published: Jun. 04, 2024
    • Modified: Jul. 30, 2025
  • 9.1

    CRITICAL
    CVE-2025-54416

    tj-actions/branch-names is a GitHub Actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, a critical vulnerability has been identified in the tj-actions/branch-names' GitHub Ac...

    Affected Products : branch-names
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2025-7874

    A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /env.jsp. The manipulation leads to information disclosure. The attack may be launched remot...

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2024-10833

    eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on th...

    Affected Products : db-gpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2024-10834

    eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to `os.path.join`, enabling an attacker to write files to a...

    Affected Products : db-gpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2025-7712

    The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attacker...

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2024-29868

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take ov...

    Affected Products : streampipes
    • Published: Jun. 24, 2024
    • Modified: Jul. 15, 2025
  • 9.1

    CRITICAL
    CVE-2024-6036

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrup...

    Affected Products : chuanhuchatgpt
    • Published: Jul. 10, 2024
    • Modified: Jul. 15, 2025
  • 9.1

    CRITICAL
    CVE-2025-4603

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauth...

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal