Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-53946

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` en... Read more

    Affected Products : wegia
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2024-1540

    A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands... Read more

    Affected Products : gradio
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-9823

    There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory... Read more

    • Published: Oct. 14, 2024
    • Modified: Jul. 30, 2025

  • 4.4

    MEDIUM
    CVE-2023-20092

    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on ... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-7099

    netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete... Read more

    Affected Products : qanything qanything
    • Published: Oct. 13, 2024
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-2398

    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the ... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-2466

    libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, ther... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-8096

    When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If th... Read more

    • Published: Sep. 11, 2024
    • Modified: Jul. 30, 2025

  • 3.5

    LOW
    CVE-2024-2004

    When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.s... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.3

    MEDIUM
    CVE-2024-2379

    libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certi... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 3.4

    LOW
    CVE-2025-0167

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-5025

    libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, f... Read more

    Affected Products : curl
    • Published: May. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-5399

    Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the ... Read more

    Affected Products : curl
    • Published: Jun. 07, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-0665

    libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31181

    A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31180

    A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-31179

    A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31178

    A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31176

    A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-9858

    There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" com... Read more

    Affected Products : migrate_to_containers
    • Published: Oct. 16, 2024
    • Modified: Jul. 30, 2025
Showing 20 of 291812 Results