Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-0184

    A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype val... Read more

    Affected Products : dify dify
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2024-29868

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take ov... Read more

    Affected Products : streampipes
    • Published: Jun. 24, 2024
    • Modified: Jul. 15, 2025

  • 7.5

    HIGH
    CVE-2024-5216

    A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to crea... Read more

    Affected Products : anythingllm
    • Published: Jun. 25, 2024
    • Modified: Jul. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-5181

    A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker c... Read more

    Affected Products : localai
    • Published: Jun. 26, 2024
    • Modified: Jul. 15, 2025

  • 7.5

    HIGH
    CVE-2024-5334

    A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit th... Read more

    Affected Products : devika
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 7.5

    HIGH
    CVE-2024-5547

    A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'project_name' parameter in the downloa... Read more

    Affected Products : devika
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 7.5

    HIGH
    CVE-2024-5548

    A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbit... Read more

    Affected Products : devika
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 8.8

    HIGH
    CVE-2024-5820

    An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling an... Read more

    Affected Products : devika
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 7.8

    HIGH
    CVE-2025-49711

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-5822

    A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server... Read more

    Affected Products : chuanhuchatgpt
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-7469

    A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql injection. The attack ... Read more

    Affected Products : sales_and_inventory_system
    • Published: Jul. 12, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7470

    A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument image leads to unrestricted upload. It is possi... Read more

    Affected Products : sales_and_inventory_system
    • Published: Jul. 12, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-8018

    A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these ch... Read more

    Affected Products : privategpt privategpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-2029

    A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization... Read more

    Affected Products : localai
    • Published: Apr. 10, 2024
    • Modified: Jul. 15, 2025

  • 5.3

    MEDIUM
    CVE-2024-8251

    A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" where user-provided JSON is directly taken to the Prisma library's where clause. An attack... Read more

    Affected Products : anythingllm
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-8249

    mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API en... Read more

    Affected Products : anythingllm
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2024-8248

    A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. Th... Read more

    Affected Products : anythingllm
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-7029

    A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated ... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-7027

    A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAd... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-52951

    A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue... Read more

    Affected Products : junos
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization
Showing 20 of 291647 Results