Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-54079

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` par... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-54078

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGI... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-54077

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA appli... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-54076

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGI... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025

  • 9.4

    CRITICAL
    CVE-2025-54062

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in th... Read more

    Affected Products : wegia
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 9.4

    CRITICAL
    CVE-2025-54061

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more

    Affected Products : wegia
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 9.4

    CRITICAL
    CVE-2025-54060

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more

    Affected Products : wegia
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 9.4

    CRITICAL
    CVE-2025-54058

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more

    Affected Products : wegia
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 9.4

    CRITICAL
    CVE-2025-53946

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` en... Read more

    Affected Products : wegia
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-1540

    A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands... Read more

    Affected Products : gradio
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-9823

    There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory... Read more

    • Published: Oct. 14, 2024
    • Modified: Jul. 30, 2025

  • 4.4

    MEDIUM
    CVE-2023-20092

    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on ... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-7099

    netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete... Read more

    Affected Products : qanything qanything
    • Published: Oct. 13, 2024
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-2398

    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the ... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-2466

    libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, ther... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-8096

    When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If th... Read more

    • Published: Sep. 11, 2024
    • Modified: Jul. 30, 2025

  • 3.5

    LOW
    CVE-2024-2004

    When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.s... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.3

    MEDIUM
    CVE-2024-2379

    libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certi... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 3.4

    LOW
    CVE-2025-0167

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025

  • 4.8

    MEDIUM
    CVE-2025-5025

    libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, f... Read more

    Affected Products : curl
    • Published: May. 28, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291015 Results