Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-12376

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise in... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-12387

    A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which c... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-1254

    Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before ... Read more

    Affected Products : connext_professional
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-56131

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025

  • 8.4

    HIGH
    CVE-2024-56132

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-56133

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-56134

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-56135

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-1007

    In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and ... Read more

    Affected Products : open_vsx
    • Published: Feb. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-20153

    A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.   This ... Read more

    Affected Products : secure_email_gateway
    • Published: Feb. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2025-6032

    A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-1793

    Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users de... Read more

    Affected Products : llamaindex
    • Published: Jun. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-3108

    A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pi... Read more

    Affected Products : llamaindex
    • Published: Jul. 06, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-3044

    A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but... Read more

    Affected Products : llamaindex
    • Published: Jul. 07, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-3046

    A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not vali... Read more

    Affected Products : llamaindex
    • Published: Jul. 07, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-3225

    An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Site... Read more

    Affected Products : llamaindex
    • Published: Jul. 07, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: XML External Entity

  • 7.8

    HIGH
    CVE-2024-32849

    Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    • Published: Jun. 10, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-24770

    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling ... Read more

    Affected Products : vantage6
    • Published: Mar. 14, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54438

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-54439

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection
Showing 20 of 291804 Results