Latest CVE Feed
CVE-2024-12390 (HIGH, 8.8)
A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exp...
- Affected Products: gpt_academic
- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
CVE-2024-12389 (HIGH, 8.8)
A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files...
- Affected Products: gpt_academic
- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Path Traversal
CVE-2024-12388 (MEDIUM, 6.5)
A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. T...
- Affected Products: gpt_academic
- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
CVE-2024-12387 (MEDIUM, 6.5)
A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which c...
- Affected Products: gpt_academic
- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
CVE-2024-12376 (HIGH, 7.5)
A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise in...
- Affected Products: fastchat
- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Server-Side Request Forgery
CVE-2024-12375 (MEDIUM, 6.5)
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the applicati...
- Affected Products: stable-diffusion-webui
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Path Traversal
CVE-2024-12374 (MEDIUM, 6.1)
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the maliciou...
- Affected Products: stable-diffusion-webui
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Cross-Site Scripting
CVE-2024-12217 (MEDIUM, 5.3)
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specificall...
- Affected Products: gradio
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Path Traversal
CVE-2024-12216 (HIGH, 7.1)
A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susc...
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Path Traversal
CVE-2024-12215 (HIGH, 8.8)
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the ta...
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Authentication
CVE-2024-12074 (MEDIUM, 6.5)
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sendi...
- Affected Products: stable-diffusion-webui
- Published: Mar. 20, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Denial of Service
CVE-2024-12070 (HIGH, 7.5)
A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sen...
- Affected Products: large_language_and_vision_assistant
- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Denial of Service
CVE-2024-12068 (HIGH, 7.5)
A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data t...
- Affected Products: large_language_and_vision_assistant
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Server-Side Request Forgery
CVE-2024-12065 (HIGH, 7.5)
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in...
- Affected Products: large_language_and_vision_assistant
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Path Traversal
CVE-2024-12063 (HIGH, 7.5)
A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by ...
- Published: Mar. 20, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Denial of Service
CVE-2024-12055 (HIGH, 7.5)
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) a...
- Affected Products: ollama
- Published: Mar. 20, 2025
- Modified: May. 13, 2025
- Vuln Type: Denial of Service
CVE-2024-12048 (HIGH, 8.8)
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' inf...
- Affected Products: superagi
- Published: Mar. 20, 2025
- Modified: Jul. 18, 2025
- Vuln Type: Authorization
CVE-2024-12044 (CRITICAL, 9.8)
A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an att...
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Injection
CVE-2024-12039 (HIGH, 8.1)
langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours b...
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
CVE-2024-12029 (CRITICAL, 9.8)
A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers c...
- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Information Disclosure