Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-30140

    An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, ...

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 2.6

    LOW
    CVE-2025-25183

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Pr...

    Affected Products : vllm
    • Published: Feb. 07, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2025-29783

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on di...

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-48944

    vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and...

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2025-27412

    REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3....

    Affected Products : redaxo
    • Published: Mar. 05, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-27411

    REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3....

    Affected Products : redaxo
    • Published: Mar. 05, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-44849

    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php....

    Affected Products : qualitor
    • Published: Sep. 09, 2024
    • Modified: Jul. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-48359

    Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter....

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025
  • 7.5

    HIGH
    CVE-2024-48360

    Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php....

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025
  • 8.1

    HIGH
    CVE-2024-45106

    Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to tr...

    Affected Products : ozone
    • Published: Dec. 03, 2024
    • Modified: Jul. 01, 2025
  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a...

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025
  • 8.5

    HIGH
    CVE-2024-45219

    Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or v...

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 8.1

    HIGH
    CVE-2024-45217

    Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets...

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-45216

    Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL pa...

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025
  • 8.8

    HIGH
    CVE-2024-42323

    SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to...

    Affected Products : hertzbeat
    • Published: Sep. 21, 2024
    • Modified: Jul. 01, 2025
  • 6.2

    MEDIUM
    CVE-2024-39884

    A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code ...

    Affected Products : http_server ontap_tools
    • Published: Jul. 04, 2024
    • Modified: Jul. 01, 2025
  • 7.5

    HIGH
    CVE-2024-39573

    Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue....

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025
  • 8.1

    HIGH
    CVE-2024-38473

    Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.6...

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025
  • 7.5

    HIGH
    CVE-2024-38472

    SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that a...

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025
  • 7.8

    HIGH
    CVE-2025-4525

    A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be ap...

    Affected Products : windows discord
    • Published: May. 10, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration