Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter it by severity, by whether the vulnerability is known to be actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities catalog), or by whether it is remotely exploitable, and sort it by published date, last-updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2025-4478

    A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and i...

    • Published: May. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2024-9447

    An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, in...

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-1183

    An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern t...

    Affected Products : gradio
    • Published: Apr. 16, 2024
    • Modified: Jul. 29, 2025
  • 9.8

    CRITICAL
    CVE-2024-11958

    A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing...

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-11395

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    • Published: Nov. 19, 2024
    • Modified: Jul. 29, 2025
  • 6.5

    MEDIUM
    CVE-2024-10948

    A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. This issue affects the latest version of the product. An attacker can exploit this vu...

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal
  • 7.2

    HIGH
    CVE-2024-7037

    In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete syst...

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Jul. 29, 2025
  • 6.9

    MEDIUM
    CVE-2024-10604

    Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

    Affected Products : fuchsia
    • Published: Jan. 30, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography
  • 6.3

    MEDIUM
    CVE-2024-10603

    Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

    Affected Products : gvisor
    • Published: Jan. 30, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2024-10481

    A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This c...

    Affected Products : comfyui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.5

    MEDIUM
    CVE-2024-7041

    An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing ...

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Jul. 29, 2025
  • 9.1

    CRITICAL
    CVE-2025-4404

    A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same can...

    • Published: Jun. 17, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication
  • 5.9

    MEDIUM
    CVE-2025-4382

    A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker wit...

    Affected Products : grub2
    • Published: May. 09, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication
  • 7.4

    HIGH
    CVE-2025-32874

    An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] ...

    • Published: Jul. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography
  • 4.8

    MEDIUM
    CVE-2025-32353

    Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.

    • Published: Jul. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration
  • 6.3

    MEDIUM
    CVE-2024-7048

    In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a highe...

    Affected Products : open_webui
    • Published: Oct. 10, 2024
    • Modified: Jul. 29, 2025
  • 4.6

    MEDIUM
    CVE-2025-31267

    An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information.

    Affected Products : app_store_connect
    • Published: Jul. 10, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2024-7033

    In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write file...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal
  • 7.2

    HIGH
    CVE-2024-7034

    In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_path = f"{UPLOAD_DIR}/{file.filename}"` without proper i...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal
  • 6.9

    MEDIUM
    CVE-2024-7035

    In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintent...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
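Several entries above (CVE-2024-7034, CVE-2024-7037, CVE-2024-7033 and CVE-2024-10948) share one root cause: a client-supplied filename is concatenated onto a server directory, as in the `f"{UPLOAD_DIR}/{file.filename}"` line quoted for CVE-2024-7034. The following is an added example written for this page; it is not code from open-webui, gpt_academic or any of the listed projects. It shows that pattern beside a hardened form that keeps only the final path component under both POSIX and Windows separator rules (the Windows gap is what CVE-2024-7033 points at) and then checks that the resolved target is still inside the upload directory. The function names, the `/srv/uploads` path and the use of the system temp directory as a stand-in `UPLOAD_DIR` are assumptions made for the example.

```python
import os
import ntpath
import posixpath
import tempfile


def vulnerable_upload_path(upload_dir: str, filename: str) -> str:
    # The pattern quoted in CVE-2024-7034: the client's filename is glued
    # onto the upload directory with no normalisation, so "../" (or "..\"
    # on a Windows host) walks straight out of UPLOAD_DIR.
    return f"{upload_dir}/{filename}"


def safe_filename(filename: str) -> str:
    # Keep only the last path component under BOTH POSIX and Windows rules.
    # On a POSIX host, os.path.basename() ignores backslashes, so a name like
    # "..\\..\\Windows\\win.ini" would survive intact; applying ntpath's
    # splitting as well closes that gap regardless of the deployment OS.
    base = ntpath.basename(posixpath.basename(filename))
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError(f"rejected filename: {filename!r}")
    return base


def is_rejected(filename: str) -> bool:
    # Convenience predicate: does safe_filename() refuse this name?
    try:
        safe_filename(filename)
    except ValueError:
        return True
    return False


def resolve_upload_path(upload_dir: str, filename: str) -> str:
    # Hardened form: sanitise the name, then verify the symlink-resolved
    # target still lies under the symlink-resolved upload directory. The
    # second check is defence in depth against a symlink planted inside
    # the upload directory or an unexpected root.
    root = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(root, safe_filename(filename)))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes upload dir: {candidate}")
    return candidate


def demo() -> dict:
    # Constructed inputs: one benign name, one POSIX traversal and one
    # Windows-style traversal. For each, report where the vulnerable
    # concatenation ends up (after normpath, as the OS would resolve it on
    # a POSIX host) and which bare filename the hardened path keeps.
    upload_dir = tempfile.gettempdir()  # hypothetical UPLOAD_DIR
    results = {}
    for name in ("model.bin", "../../etc/passwd", "..\\..\\Windows\\win.ini"):
        results[name] = {
            "vulnerable": os.path.normpath(vulnerable_upload_path("/srv/uploads", name)),
            "safe": os.path.basename(resolve_upload_path(upload_dir, name)),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: vulnerable -> {outcome['vulnerable']}, safe -> {outcome['safe']}")
```

Note that on a POSIX host the vulnerable function turns `..\..\Windows\win.ini` into a single oddly named file inside the upload directory, which is why a Linux-only test never catches the Windows traversal; the hardened version treats both separator styles the same way on every platform.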
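The CVE-2024-11958 entry describes SQL queries in llama_index's `duckdb_retriever` being built without prepared statements. The block below is an added example for this page, not code from llama_index or DuckDB: it places a string-formatted query next to one that binds the search value as a parameter and allow-lists the table identifier (identifiers cannot be bound, so they need a separate check). Python's built-in `sqlite3` module is used in place of DuckDB so the example runs with no extra packages; the `docs` table, the sample rows and the function names are constructed for the example.

```python
import re
import sqlite3

# Constructed sample corpus standing in for the retriever's document table.
SAMPLE_DOCS = ["quarterly report", "incident postmortem", "api key rotation"]


def make_db() -> sqlite3.Connection:
    # In-memory table with one row per sample document (ids 1, 2, 3).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    conn.executemany("INSERT INTO docs (body) VALUES (?)", [(d,) for d in SAMPLE_DOCS])
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, table: str, needle: str) -> list:
    # Query text assembled by string formatting, the class of bug the CVE
    # describes: both the table name and the search value are interpolated
    # verbatim, so a quote in `needle` rewrites the WHERE clause.
    sql = f"SELECT id FROM {table} WHERE body = '{needle}'"
    return [row[0] for row in conn.execute(sql)]


# Identifiers cannot be passed as bound parameters, so restrict them to a
# conservative shape before quoting them into the statement.
_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def table_rejected(table: str) -> bool:
    return _IDENTIFIER.fullmatch(table) is None


def search_safe(conn: sqlite3.Connection, table: str, needle: str) -> list:
    # Hardened form: the value travels as a bound parameter (`?`), so quotes
    # inside it are data, and the table name is allow-listed then quoted.
    if table_rejected(table):
        raise ValueError(f"illegal table name: {table!r}")
    sql = f'SELECT id FROM "{table}" WHERE body = ?'
    return [row[0] for row in conn.execute(sql, (needle,))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # classic tautology injection
    print("vulnerable:", search_vulnerable(db, "docs", payload))
    print("safe:      ", search_safe(db, "docs", payload))
```

With the tautology payload the formatted query becomes `SELECT id FROM docs WHERE body = '' OR '1'='1'` and returns every row, while the parameterised query looks for a document whose body literally equals the payload and returns nothing.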