Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-45244

    Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.... Read more

    Affected Products : fabric
    • Published: Aug. 25, 2024
    • Modified: Jul. 21, 2025

  • 6.8

    MEDIUM
    CVE-2025-1121

    Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted ... Read more

    Affected Products : chrome_os
    • Published: Mar. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-25257

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker ... Read more

    Affected Products : fortiweb
    • Actively Exploited
    • Published: Jul. 17, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-38435

    Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service... Read more

    Affected Products : visilogic vision_plc
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2025

  • 4.7

    MEDIUM
    CVE-2025-25287

    Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires hig... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-52615

    A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.... Read more

    Affected Products : avahi
    • Published: Nov. 21, 2024
    • Modified: Jul. 21, 2025

  • 8.8

    HIGH
    CVE-2025-52089

    A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.... Read more

    Affected Products : n300rb_firmware n300rb
    • Published: Jul. 11, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25568

    SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no u... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25567

    SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-25566

    Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a com... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-25565

    SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-53821

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via t... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2024-12777

    A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. ... Read more

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-12534

    In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-12048

    An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' inf... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-10267

    An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is alr... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-12778

    A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root ... Read more

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-7036

    A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user mana... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2024-7039

    In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administr... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2024-7040

    In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
Showing 20 of 291616 Results