Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-3271

    A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to e... Read more

    Affected Products : llamaindex
    • Published: Apr. 16, 2024
    • Modified: Jul. 30, 2025

  • 7.1

    HIGH
    CVE-2024-54461

    The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from tha... Read more

    Affected Products : file_selector_android
    • Published: Jan. 29, 2025
    • Modified: Jul. 30, 2025

  • 7.1

    HIGH
    CVE-2024-54462

    The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that p... Read more

    Affected Products : image_picker_android
    • Published: Jan. 29, 2025
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-55907

    IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Mar. 02, 2025
    • Modified: Jul. 30, 2025

  • 8.5

    HIGH
    CVE-2024-5271

    Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 30, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2024-52047

    A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s... Read more

    Affected Products : apex_one
    • Published: Dec. 31, 2024
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-4940

    An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Sid... Read more

    Affected Products : gradio
    • Published: Jun. 22, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2021-39081

    IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Dec. 19, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2021-3978

    When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.ser... Read more

    Affected Products : octorpki
    • Published: Jan. 29, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2021-4458

    The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied para... Read more

    Affected Products : modern_events_calendar_lite
    • Published: Jul. 12, 2025
    • Modified: Jul. 29, 2025

  • 6.2

    MEDIUM
    CVE-2023-39804

    In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.... Read more

    Affected Products : tar
    • Published: Mar. 27, 2024
    • Modified: Jul. 29, 2025

  • 6.3

    MEDIUM
    CVE-2023-47252

    An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it ... Read more

    Affected Products : kernel
    • Published: Apr. 26, 2024
    • Modified: Jul. 29, 2025

  • 9.3

    CRITICAL
    CVE-2024-10044

    A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to explo... Read more

    Affected Products : fastchat
    • Published: Dec. 30, 2024
    • Modified: Jul. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-11180

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and o... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Mar. 29, 2025
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2025-50492

    Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : e-diary_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 7.1

    HIGH
    CVE-2025-50491

    Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : bank_locker_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2025-50489

    Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : student_result_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 7.1

    HIGH
    CVE-2025-50488

    Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : online_library_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2025-50494

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : car_washing_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2025-50493

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.... Read more

    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 291058 Results