Latest CVE Feed
- CVE-2023-5117 (score 3.7, LOW)
  An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the ...
  - Affected Products: gitlab
  - Published: Dec. 25, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-10043 (score 3.1, LOW)
  An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title thr...
  - Affected Products: gitlab
  - Published: Dec. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-11274 (score 8.7, HIGH)
  An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where injection of NEL headers in a k8s proxy response could lead to session data exfilt...
  - Affected Products: gitlab
  - Published: Dec. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-12292 (score 4.0, MEDIUM)
  An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained i...
  - Affected Products: gitlab
  - Published: Dec. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-10359 (score 4.6, MEDIUM)
  In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, c...
  - Affected Products: librechat
  - Published: Mar. 20, 2025
  - Modified: Jul. 11, 2025
  - Vuln Type: Authorization

- CVE-2024-12570 (score 6.7, MEDIUM)
  An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab s...
  - Affected Products: gitlab
  - Published: Dec. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-8179 (score 5.4, MEDIUM)
  An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.
  - Affected Products: gitlab
  - Published: Dec. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-10361 (score 9.1, CRITICAL)
  An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary file...
  - Affected Products: librechat
  - Published: Mar. 20, 2025
  - Modified: Jul. 11, 2025
  - Vuln Type: Path Traversal

- CVE-2024-8233 (score 7.5, HIGH)
  An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.
  - Affected Products: gitlab
  - Published: Dec. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-10363 (score 5.4, MEDIUM)
  In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized a...
  - Affected Products: librechat
  - Published: Mar. 20, 2025
  - Modified: Jul. 11, 2025
  - Vuln Type: Authorization

- CVE-2019-20208 (score 5.5, MEDIUM)
  dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
  - EPSS Score: 0.51%
  - Published: Jan. 02, 2020
  - Modified: Jul. 11, 2025

- CVE-2023-41842 (score 6.7, MEDIUM)
  A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and b...
  - Affected Products: fortimanager, fortiportal, fortianalyzer, fortianalyzer_bigdata, fortianalyzer_big_data
  - Published: Mar. 12, 2024
  - Modified: Jul. 11, 2025

- CVE-2018-1000519 (score 6.5, MEDIUM)
  aio-libs aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This att...
  - EPSS Score: 0.22%
  - Published: Jun. 26, 2018
  - Modified: Jul. 11, 2025

- CVE-2019-13454 (score 6.5, MEDIUM)
  ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
  - EPSS Score: 0.36%
  - Published: Jul. 09, 2019
  - Modified: Jul. 11, 2025

- CVE-2024-27613 (score 7.3, HIGH)
  Numbas editor before 7.3 mishandles reading of themes and extensions.
  - Published: Mar. 08, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-13576 (score 6.4, MEDIUM)
  The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
  - Published: Feb. 18, 2025
  - Modified: Jul. 11, 2025
  - Vuln Type: Cross-Site Scripting

- CVE-2024-11364 (score 8.5, HIGH)
  Another "uninitialized variable" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat ac...
  - Published: Dec. 19, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-1044 (score 5.3, MEDIUM)
  The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauth...
  - Affected Products: customer_reviews_for_woocommerce
  - Published: Feb. 29, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-5260 (score 6.4, MEDIUM)
  The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'read_more_text' parameter in all versions u...
  - Affected Products: sina_extension_for_elementor
  - Published: Jul. 02, 2024
  - Modified: Jul. 11, 2025

- CVE-2024-7810 (score 8.8, HIGH)
  A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to...
  - Affected Products: online_graduate_tracer_system
  - Published: Aug. 15, 2024
  - Modified: Jul. 11, 2025