Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-7472

    lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFi... Read more

    Affected Products : lunary
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-7042

    A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration... Read more

    Affected Products : langchain langchain.js
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.5

    HIGH
    CVE-2024-7010

    mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password ha... Read more

    Affected Products : localai
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-6868

    mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloadi... Read more

    Affected Products : localai
    • Published: Oct. 29, 2024
    • Modified: Nov. 13, 2024

  • 8.1

    HIGH
    CVE-2024-6674

    A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers... Read more

    Affected Products : lollms_web_ui
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-6673

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID... Read more

    Affected Products : lollms_web_ui
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 9.0

    CRITICAL
    CVE-2024-6581

    A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, ... Read more

    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-5982

    A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the lo... Read more

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024

  • 9.1

    CRITICAL
    CVE-2024-5823

    A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead... Read more

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 8.8

    HIGH
    CVE-2024-51181

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.... Read more

    Affected Products : ifsc_code_finder
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 8.8

    HIGH
    CVE-2024-51180

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.... Read more

    Affected Products : ifsc_code_finder
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.1

    HIGH
    CVE-2024-49645

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8.... Read more

    Affected Products : affiliate_platform
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49643

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5.... Read more

    Affected Products : whitelist
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49641

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through 1.0.... Read more

    Affected Products : tida_url_screenshot
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49640

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9.... Read more

    Affected Products : acl_floating_cart_for_woocommerce
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49639

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS.This issue affects Monitor.Chat: from n/a through 1.1.1.... Read more

    Affected Products : monitor.chat
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49638

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through 1.0.... Read more

    Affected Products : risk_warning_bar
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49637

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS.This issue affects Bet WC 2018 Russia: from n/a through 2.1.... Read more

    Affected Products : bet_wc_2018_russia
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49636

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through 1.0.... Read more

    Affected Products : agile_video_player_lite
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 7.1

    HIGH
    CVE-2024-49635

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS.This issue affects Banner Slider: from n/a through 2.1.... Read more

    Affected Products : banner_slider
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024
Showing 20 of 293676 Results