Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2025-20278

    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due... Read more

    • Published: Jun. 04, 2025
    • Modified: Jul. 31, 2025

  • 8.8

    HIGH
    CVE-2024-10954

    In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This ... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2024-10955

    A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can take polynomial... Read more

    Affected Products : chuanhuchatgpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2024-11037

    A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerabili... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-11041

    vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by send... Read more

    Affected Products : vllm vllm
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2024-12376

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise in... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2024-12387

    A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which c... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025

  • 7.7

    HIGH
    CVE-2025-1254

    Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before ... Read more

    Affected Products : connext_professional
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025

  • 8.4

    HIGH
    CVE-2024-56131

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025

  • 8.4

    HIGH
    CVE-2024-56132

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025

  • 8.4

    HIGH
    CVE-2024-56133

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025

  • 8.4

    HIGH
    CVE-2024-56134

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025

  • 8.4

    HIGH
    CVE-2024-56135

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025

  • 6.9

    MEDIUM
    CVE-2025-1007

    In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and ... Read more

    Affected Products : open_vsx
    • Published: Feb. 19, 2025
    • Modified: Jul. 31, 2025

  • 5.8

    MEDIUM
    CVE-2025-20153

    A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. &nbsp; This ... Read more

    Affected Products : secure_email_gateway
    • Published: Feb. 19, 2025
    • Modified: Jul. 31, 2025

  • 9.1

    CRITICAL
    CVE-2025-53882

    A Improper Check for Dropped Privileges vulnerability in the logrotate setup of openSUSE Tumbleweed mailman3 allows the mailman user to create files as root, allowing for a potential privilege escalation. This issue affects openSUSE Tumbleweed: from ? bef... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 31, 2025

  • 8.3

    HIGH
    CVE-2025-6032

    A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-1793

    Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users de... Read more

    Affected Products : llamaindex
    • Published: Jun. 05, 2025
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2025-3108

    A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pi... Read more

    Affected Products : llamaindex
    • Published: Jul. 06, 2025
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2025-3044

    A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but... Read more

    Affected Products : llamaindex
    • Published: Jul. 07, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291024 Results