Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2025-4878

    A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing fa... Read more

    Affected Products : libssh
    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-47187

    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file up... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-24725

    Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.... Read more

    Affected Products : gibbon
    • Published: Mar. 23, 2024
    • Modified: Jul. 29, 2025

  • 7.4

    HIGH
    CVE-2024-25078

    A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB191... Read more

    Affected Products : insydeh2o kernel
    • Published: May. 15, 2024
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2024-11398

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2024-11603

    A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.7

    HIGH
    CVE-2024-11625

    Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 1... Read more

    Affected Products : sitefinity
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2024-11626

    Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.822... Read more

    Affected Products : sitefinity
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-53286

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to ... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2024-53287

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2024-53288

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject ... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-11627

    : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.842... Read more

    Affected Products : sitefinity
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2024-11681

    A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror.... Read more

    Affected Products : macos macports
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Supply Chain

  • 7.5

    HIGH
    CVE-2024-11738

    A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.... Read more

    Affected Products : rustls
    • Published: Dec. 06, 2024
    • Modified: Jul. 29, 2025

  • 8.8

    HIGH
    CVE-2024-3571

    langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere o... Read more

    Affected Products : langchain
    • Published: Apr. 16, 2024
    • Modified: Jul. 29, 2025

  • 8.8

    HIGH
    CVE-2024-9415

    A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwrit... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-9431

    In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-4478

    A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and i... Read more

    • Published: May. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-9447

    An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, in... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-1183

    An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern t... Read more

    Affected Products : gradio
    • Published: Apr. 16, 2024
    • Modified: Jul. 29, 2025
Showing 20 of 293423 Results