Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-4948

    A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart me...

    • Published: May. 19, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service
  • 7.3

    HIGH
    CVE-2025-48797

    A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a ...

    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-48796

    A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens .ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrar...

    Affected Products : gimp
    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2024-9904

    A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted uplo...

    • Published: Oct. 13, 2024
    • Modified: Jul. 30, 2025
  • 7.5

    HIGH
    CVE-2024-1728

    gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SS...

    Affected Products : gradio
    • Published: Apr. 10, 2024
    • Modified: Jul. 30, 2025
  • 7.5

    HIGH
    CVE-2024-1561

    An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()`...

    Affected Products : gradio
    • Published: Apr. 16, 2024
    • Modified: Jul. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-1681

    corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerabili...

    Affected Products : flask-cors flask-cors
    • Published: Apr. 19, 2024
    • Modified: Jul. 30, 2025
  • 8.8

    HIGH
    CVE-2024-3622

    A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the...

    Affected Products : mirror_registry
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025
  • 8.1

    HIGH
    CVE-2024-3623

    A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registr...

    Affected Products : mirror_registry
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025
  • 7.3

    HIGH
    CVE-2025-48798

    A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-...

    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 6.7

    MEDIUM
    CVE-2024-20306

    A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an at...

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025
  • 8.2

    HIGH
    CVE-2024-21690

    This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflect...

    • Published: Aug. 21, 2024
    • Modified: Jul. 30, 2025
  • 5.6

    MEDIUM
    CVE-2024-20309

    A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specif...

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025
  • 8.6

    HIGH
    CVE-2024-20311

    A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handl...

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025
  • 4.3

    MEDIUM
    CVE-2024-21684

    There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open re...

    Affected Products : bitbucket_data_center
    • Published: Jul. 24, 2024
    • Modified: Jul. 30, 2025
  • 8.6

    HIGH
    CVE-2024-20314

    A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of servi...

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025
  • 5.8

    MEDIUM
    CVE-2024-20316

    A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability i...

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025
  • 7.3

    HIGH
    CVE-2025-22165

    This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbit...

    Affected Products : sourcetree
    • Published: Jul. 24, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2024-20324

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit...

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025
  • 7.5

    HIGH
    CVE-2024-20307

    A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because craft...

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025