Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-8032

    XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-8031

    The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Aug. 15, 2025

  • 8.1

    HIGH
    CVE-2025-8030

    Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 8.1

    HIGH
    CVE-2025-8029

    Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-8028

    On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Fi... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 6.5

    MEDIUM
    CVE-2025-8027

    On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, ... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 8.7

    HIGH
    CVE-2025-7724

    An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 8.5

    HIGH
    CVE-2025-7723

    A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.1

    MEDIUM
    CVE-2025-51462

    Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 5.0

    MEDIUM
    CVE-2025-51475

    Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-51472

    Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, whi... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-51458

    SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with api_editor_v1.edit... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-31513

    An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by ... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 18, 2025

  • 7.3

    HIGH
    CVE-2025-31512

    An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version eq... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 18, 2025

  • 7.3

    HIGH
    CVE-2025-31511

    An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version ... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-51479

    Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended c... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.9

    MEDIUM
    CVE-2025-51471

    Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.... Read more

    Affected Products : ollama
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-51459

    File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with plugin_hu... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 8.8

    HIGH
    CVE-2025-51464

    Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-48964

    ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer ove... Read more

    Affected Products : iputils
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291022 Results