Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2024-13871

    A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, ... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025

  • 9.4

    CRITICAL
    CVE-2024-13872

    Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token A... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025

  • 6.8

    MEDIUM
    CVE-2024-30939

    An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.... Read more

    Affected Products : vp59_firmware
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-28442

    Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.... Read more

    Affected Products : vp59_firmware vp59
    • Published: Mar. 26, 2024
    • Modified: Jul. 30, 2025

  • 7.7

    HIGH
    CVE-2024-31410

    The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025

  • 2.1

    LOW
    CVE-2024-31747

    An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option.... Read more

    Affected Products : vp59_firmware
    • Published: Apr. 29, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2024-31856

    An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-32042

    The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-32047

    Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-32053

    Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business applicati... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-3271

    A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to e... Read more

    Affected Products : llamaindex
    • Published: Apr. 16, 2024
    • Modified: Jul. 30, 2025

  • 7.1

    HIGH
    CVE-2024-54461

    The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from tha... Read more

    Affected Products : file_selector_android
    • Published: Jan. 29, 2025
    • Modified: Jul. 30, 2025

  • 7.1

    HIGH
    CVE-2024-54462

    The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that p... Read more

    Affected Products : image_picker_android
    • Published: Jan. 29, 2025
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-55907

    IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Mar. 02, 2025
    • Modified: Jul. 30, 2025

  • 8.5

    HIGH
    CVE-2024-5271

    Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 30, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2024-52047

    A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s... Read more

    Affected Products : apex_one
    • Published: Dec. 31, 2024
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-4940

    An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Sid... Read more

    Affected Products : gradio
    • Published: Jun. 22, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2021-39081

    IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Dec. 19, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2021-3978

    When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.ser... Read more

    Affected Products : octorpki
    • Published: Jan. 29, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2021-4458

    The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied para... Read more

    Affected Products : modern_events_calendar_lite
    • Published: Jul. 12, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 291024 Results