Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (i.e., listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2024-9387 (CVSS 6.4, MEDIUM)

    An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint....

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-10252 (CVSS 8.8, HIGH)

    A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environm...

    Affected Products: dify
    • Published: Mar. 20, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • CVE-2025-0194 (CVSS 6.5, MEDIUM)

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests w...

    Affected Products: gitlab
    • Published: Jan. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure
  • CVE-2024-8116 (CVSS 5.3, MEDIUM)

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names....

    Affected Products: gitlab
    • Published: Dec. 16, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-8650 (CVSS 5.3, MEDIUM)

    An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects' merge requests....

    Affected Products: gitlab
    • Published: Dec. 16, 2024
    • Modified: Jul. 11, 2025
  • CVE-2023-5117 (CVSS 3.7, LOW)

    An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the ...

    Affected Products: gitlab
    • Published: Dec. 25, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-10043 (CVSS 3.1, LOW)

    An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title thr...

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-11274 (CVSS 8.7, HIGH)

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where injection of NEL headers in the k8s proxy response could lead to session data exfilt...

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-12292 (CVSS 4.0, MEDIUM)

    An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained i...

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-10359 (CVSS 4.6, MEDIUM)

    In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, c...

    Affected Products: librechat
    • Published: Mar. 20, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization
  • CVE-2024-12570 (CVSS 6.7, MEDIUM)

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab s...

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-8179 (CVSS 5.4, MEDIUM)

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled....

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-10361 (CVSS 9.1, CRITICAL)

    An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary file...

    Affected Products: librechat
    • Published: Mar. 20, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal
  • CVE-2024-8233 (CVSS 7.5, HIGH)

    An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request....

    Affected Products: gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2024-10363 (CVSS 5.4, MEDIUM)

    In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized a...

    Affected Products: librechat
    • Published: Mar. 20, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization
  • CVE-2019-20208 (CVSS 5.5, MEDIUM)

    dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow....

    Affected Products: gpac debian_linux
    • EPSS Score: 0.51%
    • Published: Jan. 02, 2020
    • Modified: Jul. 11, 2025
  • CVE-2023-41842 (CVSS 6.7, MEDIUM)

    A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and b...

    • Published: Mar. 12, 2024
    • Modified: Jul. 11, 2025
  • CVE-2018-1000519 (CVSS 6.5, MEDIUM)

    aio-libs aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This att...

    • EPSS Score: 0.22%
    • Published: Jun. 26, 2018
    • Modified: Jul. 11, 2025
  • CVE-2019-13454 (CVSS 6.5, MEDIUM)

    ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c....

    • EPSS Score: 0.36%
    • Published: Jul. 09, 2019
    • Modified: Jul. 11, 2025
  • CVE-2024-27613 (CVSS 7.3, HIGH)

    Numbas editor before 7.3 mishandles reading of themes and extensions....

    Affected Products: numbas editor
    • Published: Mar. 08, 2024
    • Modified: Jul. 11, 2025
Showing 20 of 292742 Results