Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-12107

    Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS... Read more

    Affected Products : ud3tn
    • Published: Dec. 04, 2024
    • Modified: Aug. 05, 2025

  • 7.2

    HIGH
    CVE-2025-46123

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memor... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-46122

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46121

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A re... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-46120

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates o... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-46119

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrato... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-46118

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remot... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-46117

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its ... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-54141

    ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesyst... Read more

    Affected Products : viewvc
    • Published: Jul. 22, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-46116

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` vi... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-51535

    Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-50420

    An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-46206

    An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `st... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-8370

    A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the argument descricao leads to cross site scripting. It is ... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-1473

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the ma... Read more

    Affected Products : mlflow
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-31490

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper ... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Apr. 14, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.6

    HIGH
    CVE-2025-31491

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. ... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Apr. 15, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-0454

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the `urlparse` function from the `urllib.parse... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-1040

    AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` impl... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2023-6605

    A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.... Read more

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 291312 Results