Latest CVE Feed
- CVE-2024-8537 (9.1 CRITICAL)
  A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises du...
  Affected Products: agentscope
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Path Traversal
- CVE-2024-8438 (7.5 HIGH)
  A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server....
  Affected Products: agentscope
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Path Traversal
- CVE-2024-8027 (6.1 MEDIUM)
  A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to t...
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-8024 (7.5 HIGH)
  A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS...
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-8020 (7.5 HIGH)
  A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpect...
  Affected Products: pytorch_lightning
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Denial of Service
- CVE-2024-8019 (9.1 CRITICAL)
  In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by pr...
  Affected Products: pytorch_lightning
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-6866 (7.5 HIGH)
  corydolphin/flask-cors version 4.0.1 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs ...
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-6844 (5.3 MEDIUM)
  A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ...
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Misconfiguration
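The three CORS entries above come down to two checks. For the QAnything misconfiguration (CVE-2024-8024) the `Origin` header must be compared against an exact allowlist, never echoed back and never matched by prefix or suffix. For the two flask-cors entries (CVE-2024-6866, CVE-2024-6844) the path used to pick a per-resource rule must be decoded with `unquote`, not `unquote_plus` (which turns `+` into a space), and compared case-sensitively, so the CORS layer and a case-sensitive router agree on which resource is being served. The following is an added example written for this page, not QAnything or Flask-CORS code; the `RULES` table, origins and paths are constructed, and the two flags on `select_rule` reproduce the flawed matching so the disagreement is visible next to the correct behaviour.

```python
"""CORS policy selection: exact Origin allowlist plus router-consistent
path matching (constructed example, not QAnything or Flask-CORS code)."""
from urllib.parse import unquote, unquote_plus

# Constructed per-resource policy: (path prefix, allowed origins); first match wins.
RULES = [
    ("/api/public/", {"*"}),
    ("/files/a+b/", {"https://partner.example.com"}),
    ("/", {"https://app.example.com"}),
]


def decode_path(raw_path: str, plus_is_space: bool = False) -> str:
    """Percent-decode the request target the way a router does.
    plus_is_space=True reproduces the unquote_plus behaviour of CVE-2024-6844."""
    return unquote_plus(raw_path) if plus_is_space else unquote(raw_path)


def select_rule(raw_path: str, case_insensitive: bool = False, plus_is_space: bool = False):
    """Pick the (prefix, origins) rule for a request path, or None.
    The defaults are the correct behaviour; the flags reproduce the flaws."""
    path = decode_path(raw_path, plus_is_space)
    for prefix, origins in RULES:
        if case_insensitive:
            matched = path.lower().startswith(prefix.lower())   # CVE-2024-6866 behaviour
        else:
            matched = path.startswith(prefix)
        if matched:
            return prefix, origins
    return None


def cors_headers(origin, allowed: set, allow_credentials: bool = True) -> dict:
    """Response headers for a request Origin under an allowlist; {} means
    the browser gets no CORS grant at all."""
    if origin is None or origin == "null":
        return {}
    if "*" in allowed:
        # A wildcard grant is only valid without credentials, so none are sent.
        return {"Access-Control-Allow-Origin": "*"}
    if origin not in allowed:      # exact match: no startswith/endswith/regex
        return {}
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def reflecting_cors_headers(origin: str) -> dict:
    """The misconfiguration: whatever Origin arrives is echoed back together
    with Allow-Credentials, so a page on any site can read authenticated
    responses. Shown for contrast only."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def policy_for(raw_path: str, origin: str, **flags) -> dict:
    """End-to-end: choose the rule for the path, then the headers for the Origin."""
    rule = select_rule(raw_path, **flags)
    return cors_headers(origin, rule[1]) if rule else {}


if __name__ == "__main__":
    # Case-insensitive matching hands /api/Public/admin the public wildcard rule
    # although a case-sensitive router treats it as a different resource.
    print(policy_for("/api/Public/admin", "https://evil.example.com"))
    print(policy_for("/api/Public/admin", "https://evil.example.com", case_insensitive=True))
    # unquote_plus turns /files/a+b/ into /files/a b/, so the partner rule is skipped.
    print(select_rule("/files/a+b/doc.pdf"), select_rule("/files/a+b/doc.pdf", plus_is_space=True))
```

`Vary: Origin` is set whenever a specific origin is echoed so that a shared cache does not serve one origin's grant to another; a `+` that is meant literally arrives either as `+` or as `%2B`, and `unquote` leaves both as `+`, which is what the router sees too.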
- CVE-2025-0146 (5.0 MEDIUM)
  Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access....
  - Published: Jan. 30, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Denial of Service
- CVE-2025-0147 (9.8 CRITICAL)
  Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access....
  Affected Products: meeting_software_development_kit, video_software_development_kit, workplace_desktop
  - Published: Jan. 30, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Authorization
- CVE-2024-12882 (7.5 HIGH)
  comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse t...
  Affected Products: comfyui
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2024-12866 (7.5 HIGH)
  A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading priva...
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Path Traversal
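Four entries in this feed are the same bug: a request parameter is joined onto a base directory and handed to the filesystem without checking where it ends up (agentscope `/delete-workflow` in CVE-2024-8537 and `/api/file` in CVE-2024-8438, the QAnything file read in CVE-2024-12866, and the Windows-only `/api/v1/upload_file/` write in CVE-2024-8019). The example below is added for this page and is not code from any of those projects. `safe_join` is a lexical containment check that takes the path module as a parameter so the Windows cases (drive letters, rooted `\` paths, mixed separators) can be exercised with `ntpath` on any host; `safe_resolve` is the filesystem-aware form that also sees through symlinks. The base directories, request paths and the symlink layout are constructed.

```python
"""Confining a user-supplied path to a base directory (added example; not
agentscope, QAnything or pytorch-lightning code)."""
import ntpath
import os
import posixpath
import tempfile


class PathTraversalError(ValueError):
    """Raised when a request path would leave the base directory."""


def safe_join(base_dir: str, user_path: str, pathmod=os.path) -> str:
    """Lexically confine user_path under base_dir and return the joined path.

    Catches '..', absolute, rooted and drive-qualified input, mixed
    separators and the '/data' vs '/data2' prefix pitfall. It does not see
    through symlinks: use safe_resolve against a real filesystem.
    """
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    # Absolute ('/etc/passwd', 'C:\\x'), UNC ('\\\\host\\share') or
    # drive-relative ('D:x') input is never a request for something under base_dir.
    if pathmod.isabs(user_path) or pathmod.splitdrive(user_path)[0]:
        raise PathTraversalError("absolute path rejected")
    base = pathmod.normpath(base_dir)
    candidate = pathmod.normpath(pathmod.join(base, user_path))
    try:
        # commonpath, not str.startswith: '/srv/data2/x'.startswith('/srv/data')
        # is True even though the file is outside the directory.
        inside = pathmod.commonpath([base, candidate]) == base
    except ValueError:
        inside = False          # ntpath raises when the paths are on different drives
    if not inside:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Filesystem-aware variant for the host OS: resolve symlinks on both sides
    before the containment check, so a link inside base_dir pointing outside
    it is refused."""
    if "\x00" in user_path or os.path.isabs(user_path):
        raise PathTraversalError("absolute path rejected")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        inside = False
    if not inside:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def try_join(base_dir: str, user_path: str, pathmod=os.path):
    """The joined path, or None when the request must be refused."""
    try:
        return safe_join(base_dir, user_path, pathmod)
    except PathTraversalError:
        return None


def posix_cases() -> dict:
    """Constructed requests against a POSIX base directory."""
    base = "/srv/app/data"
    return {p: try_join(base, p, posixpath) for p in (
        "reports/q1.txt", "reports/../q2.txt", "../../../etc/passwd",
        "/etc/passwd", "../data2/secret",
    )}


def windows_cases() -> dict:
    """Constructed requests against a Windows base directory, evaluated with ntpath."""
    base = "C:\\app\\data"
    return {p: try_join(base, p, ntpath) for p in (
        "models\\v1.bin", "models/../../../Windows/win.ini",
        "\\Windows\\win.ini", "D:secret.txt", "\\\\evil\\share\\x",
    )}


def symlink_demo() -> dict:
    """Constructed layout in a temp dir: data/ok.txt and data/link.txt -> ../secret.txt.
    Returns {name: (lexical check allowed it, resolved check allowed it)}."""
    with tempfile.TemporaryDirectory() as tmp:
        data = os.path.join(tmp, "data")
        os.mkdir(data)
        secret = os.path.join(tmp, "secret.txt")
        open(secret, "w").close()
        open(os.path.join(data, "ok.txt"), "w").close()
        os.symlink(secret, os.path.join(data, "link.txt"))
        out = {}
        for name in ("ok.txt", "link.txt"):
            lexical = try_join(data, name) is not None
            try:
                safe_resolve(data, name)
                resolved = True
            except PathTraversalError:
                resolved = False
            out[name] = (lexical, resolved)
        return out
```

The lexical check is the right place for a 400 response; the resolved check is the one that must guard the actual `open`/`unlink`, and on a server that lets users create symlinks (or upload archives that contain them) only the second one counts.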
- CVE-2025-24801 (8.8 HIGH)
  GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18....
  Affected Products: glpi
  - Published: Mar. 18, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Authentication
- CVE-2025-27774 (8.8 HIGH)
  Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be le...
  Affected Products: applio
  - Published: Mar. 19, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2025-27775 (8.8 HIGH)
  Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be le...
  Affected Products: applio
  - Published: Mar. 19, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2025-27776 (8.8 HIGH)
  Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be le...
  Affected Products: applio
  - Published: Mar. 19, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2025-27777 (7.7 HIGH)
  Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to prob...
  Affected Products: applio
  - Published: Mar. 19, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Server-Side Request Forgery
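The ComfyUI entry (CVE-2024-12882) and the four Applio entries (CVE-2025-27774 to CVE-2025-27777) share one root cause: a "download a model from this URL" feature fetches whatever the caller names, so the server can be pointed at loopback, RFC 1918 hosts or a cloud metadata address. The check a practitioner wants before such a fetch is shown below as an added example written for this page, not ComfyUI or Applio code. It restricts scheme and port, refuses credentials in the URL, and resolves the host and vets every answer (loopback, private, link-local including 169.254.169.254, IPv4-mapped IPv6) before returning the exact address the caller should connect to. The resolver is injectable; `FAKE_DNS` is a constructed table so the example runs offline, and `93.184.216.34` is used only as an address that is globally routable.

```python
"""Outbound URL validation for a download-from-URL feature (added example;
not ComfyUI or Applio code). Resolver is injectable; FAKE_DNS is constructed."""
import ipaddress
import socket
from urllib.parse import urlsplit


class UnsafeUrl(ValueError):
    """Raised when a URL must not be fetched by the server."""


ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped        # ::ffff:127.0.0.1 is still loopback
    # is_global already excludes loopback, RFC 1918, link-local (169.254/16),
    # shared address space (100.64/10), documentation and reserved ranges.
    return ip.is_global and not ip.is_multicast


def system_resolver(host: str) -> list:
    """Every A/AAAA answer for host; all of them get checked, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_download_url(url: str, resolver=system_resolver):
    """Return (host, vetted_ip, port) or raise UnsafeUrl."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeUrl("no host")
    try:
        port = parts.port or 443    # parts.port raises ValueError on junk ports
    except ValueError as exc:
        raise UnsafeUrl("malformed port") from exc
    if port not in ALLOWED_PORTS:
        raise UnsafeUrl(f"port {port} not allowed")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP: check as written
    except ValueError:
        addrs = resolver(host)      # hostname: check what it actually resolves to
    if not addrs:
        raise UnsafeUrl(f"{host!r} did not resolve")
    for addr in addrs:
        if not is_public_address(addr):
            raise UnsafeUrl(f"{host!r} resolves to non-public {addr}")
    return host, addrs[0], port


# Constructed DNS table so the example runs offline. The last entry mimics what
# libc's inet_aton makes of a decimal-form IP, which is why resolver output is
# checked rather than only the URL text.
FAKE_DNS = {
    "models.example.com": ["93.184.216.34"],
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],
    "metadata.internal": ["169.254.169.254"],
    "2130706433": ["127.0.0.1"],
}


def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [])


def vet(url: str):
    """(host, ip, port) when the URL may be fetched, None otherwise."""
    try:
        return validate_download_url(url, fake_resolver)
    except UnsafeUrl:
        return None


if __name__ == "__main__":
    for u in ("https://models.example.com/v1.bin", "https://rebind.example.net/v1.bin",
              "http://169.254.169.254/latest/meta-data/", "https://[::ffff:127.0.0.1]/"):
        print(u, "->", vet(u))
```

Two things the validation alone does not cover. The caller must connect to the returned IP (sending the hostname in the `Host` header and for SNI) rather than resolving again, otherwise a DNS answer that changes between check and fetch bypasses the check; and it must not follow redirects automatically, since each hop needs the same validation. For the non-blind case ComfyUI describes, where a second endpoint returns the fetched bytes, the stored file also needs the path confinement shown earlier on this page.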
- CVE-2025-27778 (9.8 CRITICAL)
  Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio reposi...
  Affected Products: applio
  - Published: Mar. 19, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-27779 (9.8 CRITICAL)
  Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusion_a` and `model_fusion_b` from voice_blender.py take user-supplied input (e.g. a path to a model...
  Affected Products: applio
  - Published: Mar. 19, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Misconfiguration
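The two Applio deserialization entries (CVE-2025-27778, CVE-2025-27779) describe a user-chosen model path going to a pickle-based loader; a crafted file then runs code at load time, which is why the feed rates both 9.8. The example below is added for this page and is not Applio code. It uses the standard-library `pickle` module to show the failure and the mitigation side by side: a constructed `_Probe` object whose pickle asks the loader to call `os.getcwd` (a harmless stand-in for the arbitrary callable a hostile checkpoint would name), a plain `pickle.loads` that obeys it, and a `RestrictedUnpickler` whose `find_class` refuses every global outside an allowlist, so the call is never made. The checkpoint contents are constructed.

```python
"""Loading a checkpoint without executing it (added example; not Applio code)."""
import io
import os
import pickle
from collections import OrderedDict


class _Probe:
    """Constructed payload. Its pickle names a callable (os.getcwd, stored under
    its real module, e.g. posix.getcwd) that the loader will import and call."""
    def __reduce__(self):
        return (os.getcwd, ())


def benign_checkpoint() -> bytes:
    """A state-dict-like OrderedDict, the shape a real checkpoint has."""
    return pickle.dumps(OrderedDict(weights=[0.1, 0.2, 0.3], epoch=3))


def hostile_checkpoint() -> bytes:
    return pickle.dumps(_Probe())


class RestrictedUnpickler(pickle.Unpickler):
    """Only these (module, name) globals may be reconstructed. Anything else,
    os.system and posix.getcwd included, is refused before it is looked up."""
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def load_unsafe(blob: bytes):
    """What a bare pickle.load does: every global named in the file is imported
    and, via reduce, called."""
    return pickle.loads(blob)


def load_restricted(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    """Run both loaders over both files and report what happened."""
    hostile, benign = hostile_checkpoint(), benign_checkpoint()
    ran_payload = load_unsafe(hostile) == os.getcwd()   # the callable executed
    try:
        load_restricted(hostile)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    state = load_restricted(benign)
    return {
        "unsafe_loader_ran_payload": ran_payload,
        "restricted_loader_blocked": blocked,
        "restricted_loads_benign": state["epoch"] == 3 and list(state["weights"]) == [0.1, 0.2, 0.3],
    }


if __name__ == "__main__":
    print(demo())
```

An allowlist on `find_class` is the mechanism `torch.load(path, weights_only=True)` relies on for real checkpoints; the stricter fix is to ship weights in a format that carries no code at all, such as safetensors, and to accept only that format from users.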
- CVE-2025-43266 (5.1 MEDIUM)
  A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox....
  Affected Products: macos
  - Published: Jul. 30, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Authorization