Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-27782

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserializati... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27781

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. `model_file` in inference.py as well as `model_file` in tts.py take user-supplied input (e.g. a path to a model) and pass that val... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27780

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_information.py takes user-supplied input (e.g. a path to a model) and pass that value to the `run_mo... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27779

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusion_a` and `model_fusion_b` from voice_blender.py take user-supplied input (e.g. a path to a model... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27778

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio reposi... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-27777

    Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to prob... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-27776

    Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be le... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-27775

    Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be le... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-27774

    Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be le... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-26816

    A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context.... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-55009

    A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the... Read more

    Affected Products : autobib
    • Published: Mar. 19, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-30258

    In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "ve... Read more

    Affected Products : gnupg
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-27705

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the manage... Read more

    Affected Products : secure_access
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-2536

    Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through... Read more

    Affected Products : liferay_portal dxp
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2476

    Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 19, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-27704

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the manage... Read more

    Affected Products : secure_access
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-27415

    Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is po... Read more

    Affected Products : nuxt
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-7631

    A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because o... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-57061

    An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration.... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2024-51459

    IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.... Read more

    • Published: Mar. 19, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 293333 Results