Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-31491

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. ... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Apr. 15, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-0454

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the `urlparse` function from the `urllib.parse... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-1040

    AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` impl... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2023-6605

    A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.... Read more

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-8365

    A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation of the argument nome/nome_social/email leads to cross si... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8366

    A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_lst.php. The manipulation of the argument nome/matricula_servidor leads to c... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8367

    A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9. This affects an unknown part of the file /intranet/funcionario_vinculo_lst.php. The manipulation of the argument nome leads to cross site scripting. It is possible to ini... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8368

    A vulnerability classified as problematic was found in Portabilis i-Educar 2.9. This vulnerability affects unknown code of the file /intranet/pesquisa_pessoa_lst.php. The manipulation of the argument campo_busca/cpf leads to cross site scripting. The atta... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8369

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php. The manipulation of the argument titulo_avaliacao leads ... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-10935

    automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitra... Read more

    Affected Products : stable-diffusion-webui
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2024-11044

    An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing att... Read more

    Affected Products : stable-diffusion-webui
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-54349

    In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-54350

    In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-54351

    In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2024-41177

    Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.... Read more

    Affected Products : zeppelin
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2024-11045

    A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on... Read more

    Affected Products : stable-diffusion-webui
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-12074

    A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sendi... Read more

    Affected Products : stable-diffusion-webui
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 2.5

    LOW
    CVE-2025-8534

    A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch th... Read more

    Affected Products : libtiff
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-8530

    A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The ma... Read more

    Affected Products : eladmin
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-8526

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipula... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 291385 Results