Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-10780

    The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be inc... Read more

    • Published: Nov. 28, 2024
    • Modified: Jul. 14, 2025

  • 8.8

    HIGH
    CVE-2024-11039

    A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing u... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2024-5564

    A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the ro... Read more

    • Published: May. 31, 2024
    • Modified: Jul. 14, 2025

  • 9.5

    CRITICAL
    CVE-2024-52577

    In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whos... Read more

    Affected Products : ignite
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2024-10513

    A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.d... Read more

    Affected Products : anythingllm
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-10549

    A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By... Read more

    Affected Products : h2o h2o
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-25247

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.... Read more

    Affected Products : felix_webconsole
    • Published: Feb. 10, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-10550

    A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to ca... Read more

    Affected Products : h2o h2o
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-10553

    A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHive... Read more

    Affected Products : h2o h2o
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-10572

    In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitra... Read more

    Affected Products : h2o h2o
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2024-10644

    Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-56180

    CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hes... Read more

    Affected Products : eventmesh
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-10650

    An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can s... Read more

    Affected Products : chuanhuchatgpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 5.8

    MEDIUM
    CVE-2025-27888

    Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue af... Read more

    Affected Products : druid
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-23015

    Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting d... Read more

    Affected Products : cassandra
    • Published: Feb. 04, 2025
    • Modified: Jul. 14, 2025

  • 5.3

    MEDIUM
    CVE-2024-27137

    In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the J... Read more

    Affected Products : cassandra
    • Published: Feb. 04, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-27391

    Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This... Read more

    Affected Products : activemq_artemis
    • Published: Apr. 09, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-27427

    A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permissi... Read more

    Affected Products : activemq_artemis
    • Published: Apr. 01, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-46910

    An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.... Read more

    Affected Products : atlas
    • Published: Feb. 13, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-41393

    Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Mo... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291551 Results