Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-1729

    A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user crede... Read more

    Affected Products : gradio
    • Published: Mar. 29, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2025-4275

    A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary sig... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-38085

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it in... Read more

    Affected Products : linux_kernel
    • Published: Jun. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38084

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA loc... Read more

    Affected Products : linux_kernel
    • Published: Jun. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Race Condition

  • 10.0

    CRITICAL
    CVE-2025-32510

    Unrestricted Upload of File with Dangerous Type vulnerability in Ovatheme Ovatheme Events Manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through 1.8.4.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2015-4495

    The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code... Read more

    • Actively Exploited
    • Published: Aug. 08, 2015
    • Modified: Jul. 30, 2025

  • 5.9

    MEDIUM
    CVE-2004-1464

    Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.... Read more

    Affected Products : ios
    • Actively Exploited
    • Published: Dec. 31, 2004
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2017-15944

    Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.... Read more

    Affected Products : pan-os
    • Actively Exploited
    • Published: Dec. 11, 2017
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-8550

    A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipul... Read more

    Affected Products : agentscope
    • Published: Feb. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2024-12909

    A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arb... Read more

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49704

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more

    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-49706

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-53770

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing... Read more

    • Actively Exploited
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2024-12911

    A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vul... Read more

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-13870

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed fir... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2024-13871

    A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, ... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2024-13872

    Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token A... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2024-30939

    An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.... Read more

    Affected Products : vp59_firmware
    • Published: Apr. 25, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-28442

    Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.... Read more

    Affected Products : vp59_firmware vp59
    • Published: Mar. 26, 2024
    • Modified: Jul. 30, 2025

  • 7.7

    HIGH
    CVE-2024-31410

    The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Jul. 30, 2025
Showing 20 of 293508 Results