Latest CVE Feed
- CVE-2024-9308 (6.1 MEDIUM)
  An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, ...
  - Published: Mar. 20, 2025
  - Modified: Jul. 15, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-9229 (7.5 HIGH)
  A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This le...
  - Affected Products: quivr
  - Published: Mar. 20, 2025
  - Modified: Mar. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2024-9216 (8.1 HIGH)
  An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the clien...
  - Affected Products: chuanhuchatgpt
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Authentication
- CVE-2024-9159 (6.5 MEDIUM)
  An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsib...
  - Affected Products: chuanhuchatgpt
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Authorization
- CVE-2024-9107 (6.8 MEDIUM)
  A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization ...
  - Affected Products: chuanhuchatgpt
  - Published: Mar. 20, 2025
  - Modified: Aug. 01, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-9099 (8.8 HIGH)
  In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve se...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 10, 2025
  - Vuln Type: Authorization
- CVE-2024-9098 (7.3 HIGH)
  In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endp...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 10, 2025
  - Vuln Type: Authorization
- CVE-2024-9096 (7.6 HIGH)
  In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. The route lacks proper access control, such as middleware to ensure that only authorized users (e.g., project owners ...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 10, 2025
  - Vuln Type: Authorization
- CVE-2024-9095 (9.8 CRITICAL)
  In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 29, 2025
  - Vuln Type: Authorization
- CVE-2024-9070 (9.8 CRITICAL)
  A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is trigg...
  - Affected Products: bentoml
  - Published: Mar. 20, 2025
  - Modified: Mar. 20, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-9056 (7.5 HIGH)
  BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously pr...
  - Affected Products: bentoml
  - Published: Mar. 20, 2025
  - Modified: Mar. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2024-9053 (9.8 CRITICAL)
  vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages w...
  - Published: Mar. 20, 2025
  - Modified: Apr. 29, 2025
  - Vuln Type: Authentication
- CVE-2024-9000 (7.1 HIGH)
  In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, ...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 10, 2025
  - Vuln Type: Authorization
- CVE-2024-8999 (9.8 CRITICAL)
  lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without ...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 10, 2025
  - Vuln Type: Authorization
- CVE-2024-8998 (7.5 HIGH)
  A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /{.*?}/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to...
  - Affected Products: lunary
  - Published: Mar. 20, 2025
  - Modified: Apr. 04, 2025
  - Vuln Type: Denial of Service
- CVE-2024-8984 (7.5 HIGH)
  A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes ea...
  - Affected Products: litellm
  - Published: Mar. 20, 2025
  - Modified: Jul. 15, 2025
  - Vuln Type: Denial of Service
- CVE-2024-8982 (6.2 MEDIUM)
  A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configurat...
  - Affected Products: (none listed)
  - Published: Mar. 20, 2025
  - Modified: Mar. 20, 2025
  - Vuln Type: Path Traversal
- CVE-2024-8966 (7.5 HIGH)
  A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continu...
  - Published: Mar. 20, 2025
  - Modified: Apr. 01, 2025
  - Vuln Type: Denial of Service
- CVE-2024-8958 (9.8 CRITICAL)
  In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privil...
  - Affected Products: composio
  - Published: Mar. 20, 2025
  - Modified: Apr. 01, 2025
  - Vuln Type: Path Traversal
- CVE-2024-8955 (7.5 HIGH)
  A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS ...
  - Affected Products: composio
  - Published: Mar. 20, 2025
  - Modified: Jul. 15, 2025
  - Vuln Type: Server-Side Request Forgery