Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-41183

    Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.... Read more

    Affected Products : vpn
    • Published: Oct. 22, 2024
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2025-4447

    In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.... Read more

    Affected Products : openj9
    • Published: May. 09, 2025
    • Modified: Jul. 31, 2025

  • 7.6

    HIGH
    CVE-2025-6705

    A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token.... Read more

    Affected Products : open_vsx
    • Published: Jun. 27, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2024-12704

    A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen m... Read more

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2025-1750

    An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on t... Read more

    Affected Products : llamaindex
    • Published: Jun. 02, 2025
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2024-20396

    A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handler... Read more

    Affected Products : webex_teams
    • Published: Jul. 17, 2024
    • Modified: Jul. 31, 2025

  • 7.8

    HIGH
    CVE-2024-48903

    An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t... Read more

    Affected Products : windows deep_security_agent
    • Published: Oct. 22, 2024
    • Modified: Jul. 31, 2025

  • 7.3

    HIGH
    CVE-2024-20395

    A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend service... Read more

    Affected Products : webex_teams
    • Published: Jul. 17, 2024
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-29770

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled gram... Read more

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 31, 2025

  • 8.8

    HIGH
    CVE-2025-2324

    Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, fr... Read more

    Affected Products : moveit_transfer
    • Published: Mar. 19, 2025
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2022-20663

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.... Read more

    Affected Products : secure_network_analytics
    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-20190

    A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient... Read more

    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2024-10707

    gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary... Read more

    Affected Products : chuanhuchatgpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 7.4

    HIGH
    CVE-2022-20814

    A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of valida... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 7.4

    HIGH
    CVE-2022-20853

    A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to in... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 4.3

    MEDIUM
    CVE-2022-20939

    A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive ... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2024-10907

    In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each ... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2024-10908

    An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credentia... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 10.0

    CRITICAL
    CVE-2024-20419

    A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper... Read more

    Affected Products : smart_software_manager_on-prem
    • Published: Jul. 17, 2024
    • Modified: Jul. 31, 2025

  • 7.8

    HIGH
    CVE-2025-1253

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.... Read more

    Affected Products : connext_professional
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025
Showing 20 of 291024 Results