Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter it by severity, by whether the vulnerability is actively exploited (i.e., listed in the CISA Known Exploited Vulnerabilities catalog), or by whether it is remotely exploitable, and you can sort it by published date, last-updated date, or CVSS score.
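As an added example (this is not the feed site's code), the following Python parses a list in the layout used below into records, rederives each entry's CVSS v3.x qualitative rating from its score to cross-check the printed severity label, and applies the filters and sorts the page offers. SAMPLE_FEED is a constructed excerpt of four entries in that layout (one bullet per entry giving the CVE ID, score and label, then a description line, an optional Affected Products line and the Published/Modified/Vuln Type sub-bullets); the parser, the helper names and the severity bands (Low below 4.0, Medium below 7.0, High below 9.0, Critical from 9.0) are this example's own assumptions. The "actively exploited" and "remotely exploitable" filters are not modelled because the entries carry no KEV flag or attack-vector field.

```python
# Added example, not code from the feed site. SAMPLE_FEED is a constructed excerpt in
# this page's list layout; the parser, helper names and CVSS v3.x bands are assumptions.
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

SAMPLE_FEED = """\
  • CVE-2024-38657 (CVSS 9.1, CRITICAL)
    External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files....
    Affected Products: connect_secure policy_secure
    • Published: Feb. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-25772 (CVSS 5.1, MEDIUM)
    A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request....
    Affected Products: jspxcms
    • Published: Feb. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
  • CVE-2025-26674 (CVSS 7.8, HIGH)
    Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally....
    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-2358 (CVSS 9.8, CRITICAL)
    A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code....
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
"""

# "  • CVE-2024-38657 (CVSS 9.1, CRITICAL)" opens an entry
ENTRY_START = re.compile(r"^•\s+(CVE-\d{4}-\d{4,})\s+\(CVSS\s+(\d+(?:\.\d+)?),\s*([A-Z]+)\)$")
LABELS = ("NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL")   # ordered, for comparisons
DATE_FMT = "%b. %d, %Y"                                   # "Feb. 21, 2025"


def severity_band(score: float) -> str:
    """CVSS v3.x qualitative rating: None 0.0, Low <4.0, Medium <7.0, High <9.0, else Critical."""
    if score == 0.0:
        return "NONE"
    return "LOW" if score < 4.0 else "MEDIUM" if score < 7.0 else "HIGH" if score < 9.0 else "CRITICAL"


@dataclass
class CveEntry:
    cve_id: str
    score: float
    label: str                              # severity label as printed in the feed
    summary: str = ""                       # truncated description line
    products: list = field(default_factory=list)
    published: Optional[datetime] = None
    modified: Optional[datetime] = None
    vuln_type: Optional[str] = None


def _apply_detail(entry: CveEntry, line: str) -> None:
    """Fold one stripped detail line into the entry that precedes it."""
    key, _, value = line.partition(":")
    value = value.strip()
    if key == "Affected Products":
        entry.products = value.split()
    elif key in ("• Published", "• Modified"):
        setattr(entry, key[2:].lower(), datetime.strptime(value, DATE_FMT))
    elif key == "• Vuln Type":
        entry.vuln_type = value
    elif not entry.summary:                 # first free-text line is the description
        entry.summary = line


def parse_feed(text: str) -> list:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_START.match(line)
        if m:
            entries.append(CveEntry(cve_id=m.group(1), score=float(m.group(2)), label=m.group(3)))
        elif entries and line:
            _apply_detail(entries[-1], line)
    return entries


def mislabelled(entries: list) -> list:
    """CVE IDs whose printed label disagrees with the band their score falls in."""
    return [e.cve_id for e in entries if e.label != severity_band(e.score)]


def filter_entries(entries: list, min_severity: str = "HIGH", vuln_type: Optional[str] = None) -> list:
    """Entries at or above min_severity (judged by score, not by label), optionally of one Vuln Type."""
    floor = LABELS.index(min_severity)
    return [e for e in entries if LABELS.index(severity_band(e.score)) >= floor
            and (vuln_type is None or e.vuln_type == vuln_type)]


def sort_entries(entries: list, key: str = "score", descending: bool = True) -> list:
    """Sort by "score", "published" or "modified"; sorted() is stable, so ties keep feed order."""
    key_fn = {"score": lambda e: e.score,
              "published": lambda e: e.published or datetime.min,
              "modified": lambda e: e.modified or datetime.min}[key]
    return sorted(entries, key=key_fn, reverse=descending)


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for e in sort_entries(filter_entries(feed, "HIGH"), "published"):
        print(e.cve_id, e.score, e.label, e.published.date(), e.vuln_type, e.products)
    print("label/score mismatches:", mislabelled(feed))
```

The severity floor in `filter_entries` is computed from the score rather than the printed label on purpose: if a feed ever mislabels an entry, `mislabelled` reports it and the filter still places the entry in the right bucket.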
  • CVE-2024-38657 (CVSS 9.1, CRITICAL)
    External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files....
    Affected Products: connect_secure policy_secure
    • Published: Feb. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration
  • CVE-2024-42815 (CVSS 9.8, CRITICAL)
    In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash o...
    Affected Products: re365_firmware re365
    • Published: Aug. 19, 2024
    • Modified: Jul. 09, 2025
  • CVE-2025-25772 (CVSS 5.1, MEDIUM)
    A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request....
    Affected Products: jspxcms
    • Published: Feb. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
  • CVE-2024-6448 (CVSS 5.3, MEDIUM)
    The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for un...
    Affected Products: mollie_payments_for_woocommerce
    • Published: Aug. 28, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-2299 (CVSS 7.4, HIGH)
    A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTM...
    • Published: May. 14, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-2358 (CVSS 9.8, CRITICAL)
    A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifica...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-2361 (CVSS 9.6, CRITICAL)
    A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, where...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-2366 (CVSS 9.0, CRITICAL)
    A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises d...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-3126 (CVSS 8.4, HIGH)
    A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used ...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-3435 (CVSS 8.4, HIGH)
    A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in ...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-4322 (CVSS 7.5, HIGH)
    A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on th...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-4326 (CVSS 9.8, CRITICAL)
    A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by...
    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-4330 (CVSS 4.0, MEDIUM)
    A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious ...
    • Published: May. 30, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-2178 (CVSS 7.5, HIGH)
    A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'ca...
    • Published: Jun. 02, 2024
    • Modified: Jul. 09, 2025
  • CVE-2025-26674 (CVSS 7.8, HIGH)
    Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally....
    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-4498 (CVSS 7.7, HIGH)
    A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing ...
    • Published: Jun. 25, 2024
    • Modified: Jul. 09, 2025
  • CVE-2025-26675 (CVSS 7.8, HIGH)
    Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally....
    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-6250 (CVSS 7.5, HIGH)
    An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and ...
    • Published: Jun. 27, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-4897 (CVSS 8.4, HIGH)
    parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application...
    • Published: Jul. 02, 2024
    • Modified: Jul. 09, 2025
  • CVE-2024-6394 (CVSS 7.5, HIGH)
    A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can ...
    Affected Products: lollms_webui lollms_web_ui
    • Published: Sep. 30, 2024
    • Modified: Jul. 09, 2025
Showing 20 of 293554 Results
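Several of the parisneo/lollms-webui entries above describe the same defect class: a user-supplied path segment (the `category` or `config` parameter, or an unverified concatenation) is joined onto a base directory without a containment check, and in one case a sanitizer is called with `allow_absolute_path=True`. As an added example that is not lollms-webui's code and does not reproduce any of the listed vulnerabilities, the following Python shows a hypothetical directory-listing handler in its vulnerable and hardened forms and runs both against a constructed directory layout; the handler names, the fixture layout and the probe strings are this example's assumptions.

```python
# Added example, not lollms-webui code. Both handlers are hypothetical stand-ins for an
# endpoint that lists a sub-directory chosen by a user-controlled "category" value;
# the directory layout and the probe strings are constructed for this demonstration.
import os
import shutil
import tempfile
from pathlib import Path


class PathTraversal(ValueError):
    """Raised when a requested path would leave the permitted base directory."""


def list_personalities_vulnerable(base: Path, category: str) -> list:
    """Joins the user value onto base and lists the result with no containment check.
    The OS honours ".." segments, and os.path.join discards base entirely when
    category is absolute, so any readable directory on the host can be listed."""
    return sorted(os.listdir(os.path.join(str(base), category)))


def list_personalities_safe(base: Path, category: str) -> list:
    """Same listing confined to base: refuse absolute input, canonicalise the joined
    path (resolve() collapses ".." and follows symlinks, so a symlink planted inside
    base cannot smuggle the listing out either), then require a strict sub-path."""
    base = base.resolve()
    if not category or os.path.isabs(category):
        raise PathTraversal("category must be a non-empty relative path")
    target = (base / category).resolve()
    if target == base or not target.is_relative_to(base):     # is_relative_to: Python 3.9+
        raise PathTraversal(f"{category!r} resolves outside {base}")
    return sorted(os.listdir(target))


def build_fixture() -> Path:
    """Constructed layout (nothing here is real data):
         <root>/app/personalities/{generic,coding}/persona.yaml   what the endpoint may list
         <root>/secrets/api_keys.txt                               what it must never reach"""
    root = Path(tempfile.mkdtemp(prefix="traversal_demo_"))
    for cat in ("generic", "coding"):
        (root / "app" / "personalities" / cat).mkdir(parents=True)
        (root / "app" / "personalities" / cat / "persona.yaml").write_text("name: placeholder\n")
    (root / "secrets").mkdir()
    (root / "secrets" / "api_keys.txt").write_text("placeholder, not a real key\n")
    return root


def demo() -> dict:
    """Run both handlers over a benign category and four probes; clean up afterwards."""
    root = build_fixture()
    base = root / "app" / "personalities"
    probes = ["../../secrets",          # relative climb out of base
              str(root / "secrets"),    # absolute path, defeats os.path.join
              "..",                     # lists the parent of base
              "coding/../generic"]      # benign: ".." that stays inside base
    out = {"vulnerable": [], "safe": []}
    try:
        out["benign"] = (list_personalities_vulnerable(base, "generic"),
                         list_personalities_safe(base, "generic"))
        for probe in probes:
            out["vulnerable"].append(list_personalities_vulnerable(base, probe))
            try:
                out["safe"].append(list_personalities_safe(base, probe))
            except PathTraversal:
                out["safe"].append("blocked")
    finally:
        shutil.rmtree(root)
    return out


if __name__ == "__main__":
    for kind, result in demo().items():
        print(f"{kind}: {result}")
```

The containment check is done on the resolved path, not on the raw string: rejecting the literal substring ".." would still let an absolute path or a symlink inside the base directory escape, which is exactly the gap an `allow_absolute_path`-style option reopens. The last probe shows that a ".." which stays inside the base is still served, so the hardened handler does not break legitimate callers.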