Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2024-6829

    A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `...

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Path Traversal
  • 5.3

    MEDIUM
    CVE-2024-6483

    A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used...

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2024-10110

    In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server b...

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-6396

    A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path...

    Affected Products : aim
    • Published: Jul. 12, 2024
    • Modified: Jul. 23, 2025
  • 7.5

    HIGH
    CVE-2024-8061

    In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to o...

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-45986

    Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the mac paramete...

    • Published: Jun. 13, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection
  • 6.8

    MEDIUM
    CVE-2024-7726

    There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on ...

    • Published: Dec. 20, 2024
    • Modified: Jul. 23, 2025
  • 6.8

    MEDIUM
    CVE-2024-12236

    A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended s...

    Affected Products : vertex_gemini_api
    • Published: Dec. 10, 2024
    • Modified: Jul. 23, 2025
  • 7.5

    HIGH
    CVE-2024-11407

    There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be...

    Affected Products : grpc
    • Published: Nov. 26, 2024
    • Modified: Jul. 23, 2025
  • 7.5

    HIGH
    CVE-2024-11498

    There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will ...

    Affected Products : libjxl
    • Published: Nov. 25, 2024
    • Modified: Jul. 23, 2025
  • 7.1

    HIGH
    CVE-2024-9526

    There exists a stored XSS vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows users to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered...

    Affected Products : pipelines
    • Published: Nov. 18, 2024
    • Modified: Jul. 23, 2025
  • 6.1

    MEDIUM
    CVE-2024-11023

    Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manip...

    Affected Products : firebase_javascript_sdk
    • Published: Nov. 18, 2024
    • Modified: Jul. 23, 2025
  • 7.5

    HIGH
    CVE-2024-10668

    There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is c...

    Affected Products : windows nearby quick_share
    • Published: Nov. 07, 2024
    • Modified: Jul. 23, 2025
  • 7.5

    HIGH
    CVE-2024-10389

    There exists a path traversal vulnerability in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS). This allows attackers to write arbitrary files via archive extraction containing symbolic links. We recommend upgrading past commit f7c...

    Affected Products : safearchive
    • Published: Nov. 04, 2024
    • Modified: Jul. 23, 2025
  • 7.8

    HIGH
    CVE-2025-49738

    Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

    Affected Products : pc_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-41442

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's brows...

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-46704

    A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properl...

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Path Traversal
  • 7.6

    HIGH
    CVE-2025-48891

    A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to i...

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-52577

    A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters ar...

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-53519

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, p...

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting