Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2015-4495

    The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code...

    • Actively Exploited
    • EPSS Score: 69.92%
    • Published: Aug. 08, 2015
    • Modified: Jul. 30, 2025
  • 5.9

    MEDIUM
    CVE-2004-1464

    Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port....

    Affected Products : ios
    • Actively Exploited
    • EPSS Score: 1.70%
    • Published: Dec. 31, 2004
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2017-15944

    Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface....

    Affected Products : pan-os
    • Actively Exploited
    • EPSS Score: 93.61%
    • Published: Dec. 11, 2017
    • Modified: Jul. 30, 2025
  • 7.5

    HIGH
    CVE-2024-8550

    A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipul...

    Affected Products : agentscope
    • Published: Feb. 10, 2025
    • Modified: Jul. 30, 2025
  • 10.0

    CRITICAL
    CVE-2024-12909

    A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arb...

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
  • 8.8

    HIGH
    CVE-2025-49704

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Jul. 30, 2025
  • 6.5

    MEDIUM
    CVE-2025-49706

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network....

    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-53770

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing...

    • Actively Exploited
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
  • 7.1

    HIGH
    CVE-2024-12911

    A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vul...

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
  • 5.7

    MEDIUM
    CVE-2024-13870

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed fir...

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
  • 9.4

    CRITICAL
    CVE-2024-13871

    A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, ...

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
  • 9.4

    CRITICAL
    CVE-2024-13872

    Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token A...

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
  • 6.8

    MEDIUM
    CVE-2024-30939

    An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure....

    Affected Products : vp59_firmware
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025
  • 7.5

    HIGH
    CVE-2024-28442

    Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component....

    Affected Products : vp59_firmware vp59
    • Published: Mar. 26, 2024
    • Modified: Jul. 30, 2025
  • 7.7

    HIGH
    CVE-2024-31410

    The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data....

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025
  • 2.1

    LOW
    CVE-2024-31747

    An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option....

    Affected Products : vp59_firmware
    • Published: Apr. 29, 2024
    • Modified: Jul. 30, 2025
  • 8.8

    HIGH
    CVE-2024-31856

    An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code....

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025
  • 7.5

    HIGH
    CVE-2024-32042

    The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered....

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-32047

    Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server....

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-32053

    Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business applicati...

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025
Showing 20 of 291058 Results