Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-43862

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non... Read more

    Affected Products : dify
    • Published: Apr. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-1194

    A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapane... Read more

    Affected Products : transformers
    • Published: Apr. 29, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-0217

    BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unaut... Read more

    Affected Products : privileged_remote_access
    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-46726

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with se... Read more

    Affected Products : langroid
    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-46728

    cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is ... Read more

    Affected Products : cpp-httplib cpp-httplib
    • Published: May. 06, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-12720

    A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expr... Read more

    Affected Products : transformers
    • Published: Mar. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-32383

    MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow... Read more

    Affected Products : maxkb
    • Published: Apr. 10, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-20236

    A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. T... Read more

    Affected Products : webex_teams
    • Published: Apr. 16, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-26477

    Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Apr. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-26478

    Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Apr. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-20323

    A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This ... Read more

    Affected Products : inode_manager inode
    • Published: Jul. 17, 2024
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-6576

    Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.... Read more

    Affected Products : moveit_transfer
    • Published: Jul. 29, 2024
    • Modified: Aug. 01, 2025

  • 8.6

    HIGH
    CVE-2024-20375

    A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial... Read more

    Affected Products : unified_communications_manager
    • Published: Aug. 21, 2024
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2024-41344

    A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.... Read more

    Affected Products : codeigniter
    • Published: Oct. 15, 2024
    • Modified: Aug. 01, 2025

  • 5.4

    MEDIUM
    CVE-2020-26067

    A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulne... Read more

    Affected Products : webex_teams
    • Published: Nov. 18, 2024
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2024-55885

    beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version... Read more

    Affected Products : beego
    • Published: Dec. 12, 2024
    • Modified: Aug. 01, 2025

  • 7.2

    HIGH
    CVE-2024-56137

    MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the... Read more

    Affected Products : maxkb
    • Published: Jan. 02, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2024-56320

    GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authe... Read more

    Affected Products : gocd
    • Published: Jan. 03, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-8182

    A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be in... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jul. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-54583

    GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skip... Read more

    Affected Products : gitproxy
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization
Showing 20 of 291360 Results