Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-3046

    A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not vali... Read more

    Affected Products : llamaindex
    • Published: Jul. 07, 2025
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2025-3225

    An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Site... Read more

    Affected Products : llamaindex
    • Published: Jul. 07, 2025
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2024-32849

    Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    • Published: Jun. 10, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-24770

    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling ... Read more

    Affected Products : vantage6
    • Published: Mar. 14, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54438

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2025-54439

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54440

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 6.6

    MEDIUM
    CVE-2023-6725

    An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to a... Read more

    Affected Products : openstack_platform glance-store
    • Published: Mar. 15, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2025-54441

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54442

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54443

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54444

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49841

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new func... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025

  • 5.4

    MEDIUM
    CVE-2025-5198

    A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* th... Read more

    Affected Products : advanced_cluster_security stackrox
    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49840

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights f... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49838

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it ... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49836

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, whic... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49834

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the op... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49839

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the ... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-49837

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291024 Results