Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.5

    MEDIUM
    CVE-2024-38335

    IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.... Read more

    • Published: Jul. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-6741

    Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : * Devolutions Server 202... Read more

    Affected Products : devolutions_server
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-6523

    Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue af... Read more

    Affected Products : devolutions_server
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-51482

    Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intend... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-51481

    Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypa... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2025-8019

    A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. ... Read more

    • Published: Jul. 22, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-7371

    Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary ... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-5042

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the cur... Read more

    Affected Products : revit
    • Published: Jul. 22, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-51480

    Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restri... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2025-51463

    Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which is extracted without path validation during restorat... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-48498

    A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An atta... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-46354

    A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger th... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-36520

    A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerab... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-36512

    A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database inst... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-35966

    A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instanc... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-8018

    A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads ... Read more

    Affected Products : food_ordering_review_system
    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-8015

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and... Read more

    Affected Products : shortcodes_ultimate
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-51865

    Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to gain sensitvie information via enumerating thread keys in the URL.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-51864

    A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through stolen JWT tokens.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-51863

    Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291222 Results