Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-1561

    An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()`... Read more

    Affected Products : gradio
    • Published: Apr. 16, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-1681

    corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerabili... Read more

    Affected Products : flask-cors flask-cors
    • Published: Apr. 19, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2024-3622

    A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the... Read more

    Affected Products : mirror_registry
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025

  • 8.1

    HIGH
    CVE-2024-3623

    A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registr... Read more

    Affected Products : mirror_registry
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025

  • 7.3

    HIGH
    CVE-2025-48798

    A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-... Read more

    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025

  • 6.7

    MEDIUM
    CVE-2024-20306

    A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an at... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 8.2

    HIGH
    CVE-2024-21690

    This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflect... Read more

    • Published: Aug. 21, 2024
    • Modified: Jul. 30, 2025

  • 5.6

    MEDIUM
    CVE-2024-20309

    A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specif... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20311

    A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handl... Read more

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-21684

    There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open re... Read more

    Affected Products : bitbucket_data_center
    • Published: Jul. 24, 2024
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20314

    A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of servi... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 5.8

    MEDIUM
    CVE-2024-20316

    A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability i... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.3

    HIGH
    CVE-2025-22165

    This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbit... Read more

    Affected Products : sourcetree
    • Published: Jul. 24, 2025
    • Modified: Jul. 30, 2025

  • 5.5

    MEDIUM
    CVE-2024-20324

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-20307

    A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because craft... Read more

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 5.9

    MEDIUM
    CVE-2024-1729

    A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user crede... Read more

    Affected Products : gradio
    • Published: Mar. 29, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2025-4275

    A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary sig... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 30, 2025

  • 0.0

    NA
    CVE-2025-38085

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it in... Read more

    Affected Products : linux_kernel
    • Published: Jun. 28, 2025
    • Modified: Jul. 30, 2025

  • 0.0

    NA
    CVE-2025-38084

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA loc... Read more

    Affected Products : linux_kernel
    • Published: Jun. 28, 2025
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2025-32510

    Unrestricted Upload of File with Dangerous Type vulnerability in Ovatheme Ovatheme Events Manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through 1.8.4.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291015 Results