Latest CVE Feed
- CVE-2024-11398 (CVSS 8.1, HIGH)
  Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector...
  - Published: Dec. 04, 2024
  - Modified: Jul. 29, 2025
- CVE-2024-11603 (CVSS 7.5, HIGH)
  A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This...
  - Affected Products: fastchat
  - Published: Mar. 20, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2024-11625 (CVSS 7.7, HIGH)
  Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 1...
  - Affected Products: sitefinity
  - Published: Jan. 07, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-11626 (CVSS 8.4, HIGH)
  Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.822...
  - Affected Products: sitefinity
  - Published: Jan. 07, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-53286 (CVSS 7.2, HIGH)
  Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to ...
  - Published: Jul. 23, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Injection
- CVE-2024-53287 (CVSS 5.9, MEDIUM)
  Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject...
  - Published: Jul. 23, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-53288 (CVSS 5.9, MEDIUM)
  Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject ...
  - Published: Jul. 23, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-11627 (CVSS 8.1, HIGH)
  Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.842...
  - Affected Products: sitefinity
  - Published: Jan. 07, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Authentication
- CVE-2024-11681 (CVSS 6.9, MEDIUM)
  A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror.
  - Published: Jan. 07, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Supply Chain
- CVE-2024-11738 (CVSS 7.5, HIGH)
  A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
  - Affected Products: rustls
  - Published: Dec. 06, 2024
  - Modified: Jul. 29, 2025
- CVE-2024-3571 (CVSS 8.8, HIGH)
  langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere o...
  - Affected Products: langchain
  - Published: Apr. 16, 2024
  - Modified: Jul. 29, 2025
- CVE-2024-9415 (CVSS 8.8, HIGH)
  A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwrit...
  - Affected Products: superagi
  - Published: Mar. 20, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Path Traversal
- CVE-2024-9431 (CVSS 8.8, HIGH)
  In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.
  - Affected Products: superagi
  - Published: Mar. 20, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Authorization
- CVE-2025-4478 (CVSS 7.1, HIGH)
  A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and i...
  - Published: May. 16, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Denial of Service
- CVE-2024-9447 (CVSS 6.5, MEDIUM)
  An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, in...
  - Affected Products: superagi
  - Published: Mar. 20, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Authorization
- CVE-2024-1183 (CVSS 6.5, MEDIUM)
  An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern t...
  - Affected Products: gradio
  - Published: Apr. 16, 2024
  - Modified: Jul. 29, 2025
- CVE-2024-11958 (CVSS 9.8, CRITICAL)
  A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing...
  - Affected Products: llamaindex
  - Published: Mar. 20, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Injection
- CVE-2024-11395 (CVSS 8.8, HIGH)
  Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  - Published: Nov. 19, 2024
  - Modified: Jul. 29, 2025
- CVE-2024-10948 (CVSS 6.5, MEDIUM)
  A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. This issue affects the latest version of the product. An attacker can exploit this vu...
  - Affected Products: gpt_academic
  - Published: Mar. 20, 2025
  - Modified: Jul. 29, 2025
  - Vuln Type: Path Traversal
- CVE-2024-7037 (CVSS 7.2, HIGH)
  In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete syst...
  - Affected Products: open_webui
  - Published: Oct. 09, 2024
  - Modified: Jul. 29, 2025