Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-6868

    mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloadi... Read more

    Affected Products : localai
    • Published: Oct. 29, 2024
    • Modified: Nov. 13, 2024

  • 8.1

    HIGH
    CVE-2024-6674

    A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers... Read more

    Affected Products : lollms_web_ui
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-6673

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID... Read more

    Affected Products : lollms_web_ui
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 9.0

    CRITICAL
    CVE-2024-6581

    A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, ... Read more

    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-5982

    A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the lo... Read more

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024

  • 9.1

    CRITICAL
    CVE-2024-5823

    A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead... Read more

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 8.8

    HIGH
    CVE-2024-51181

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.... Read more

    Affected Products : ifsc_code_finder
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 8.8

    HIGH
    CVE-2024-51180

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.... Read more

    Affected Products : ifsc_code_finder
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.1

    HIGH
    CVE-2024-49645

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8.... Read more

    Affected Products : affiliate_platform
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49643

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5.... Read more

    Affected Products : whitelist
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49641

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through 1.0.... Read more

    Affected Products : tida_url_screenshot
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49640

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9.... Read more

    Affected Products : acl_floating_cart_for_woocommerce
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49639

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS.This issue affects Monitor.Chat: from n/a through 1.1.1.... Read more

    Affected Products : monitor.chat
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49638

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through 1.0.... Read more

    Affected Products : risk_warning_bar
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49637

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS.This issue affects Bet WC 2018 Russia: from n/a through 2.1.... Read more

    Affected Products : bet_wc_2018_russia
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49636

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through 1.0.... Read more

    Affected Products : agile_video_player_lite
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49635

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS.This issue affects Banner Slider: from n/a through 2.1.... Read more

    Affected Products : banner_slider
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 2.7

    LOW
    CVE-2024-41156

    Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users wit... Read more

    • Published: Oct. 29, 2024
    • Modified: Dec. 05, 2024

  • 7.2

    HIGH
    CVE-2024-41153

    Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privil... Read more

    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 9.1

    CRITICAL
    CVE-2024-10474

    Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.... Read more

    Affected Products : firefox_focus
    • Published: Oct. 29, 2024
    • Modified: Mar. 13, 2025
Showing 20 of 293673 Results