Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2024-7048

    In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a highe...

    Affected Products : open_webui
    • Published: Oct. 10, 2024
    • Modified: Jul. 29, 2025
  • 7.8

    HIGH
    CVE-2024-48958

    execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst....

    Affected Products : libarchive
    • Published: Oct. 10, 2024
    • Modified: Aug. 29, 2025
  • 7.8

    HIGH
    CVE-2024-48957

    execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst....

    Affected Products : libarchive
    • Published: Oct. 10, 2024
    • Modified: Aug. 29, 2025
  • 9.1

    CRITICAL
    CVE-2024-48949

    The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation....

    Affected Products : elliptic elliptic
    • Published: Oct. 10, 2024
    • Modified: Mar. 25, 2025
  • 9.1

    CRITICAL
    CVE-2024-48942

    The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are val...

    Affected Products : secure_login
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024
  • 9.1

    CRITICAL
    CVE-2024-48941

    The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted....

    Affected Products : secure_login
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024
  • 5.5

    MEDIUM
    CVE-2024-8264

    Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled....

    Affected Products : robot_schedule
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024
  • 6.1

    MEDIUM
    CVE-2024-48933

    A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML charact...

    Affected Products : lemonldap\
    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024
  • 6.5

    MEDIUM
    CVE-2024-7041

    An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing ...

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Jul. 29, 2025
  • 7.2

    HIGH
    CVE-2024-7037

    In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete syst...

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Jul. 29, 2025
  • 8.7

    HIGH
    CVE-2024-39525

    An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and re...

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
  • 8.7

    HIGH
    CVE-2024-39516

    An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, ...

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 16, 2024
  • 8.7

    HIGH
    CVE-2024-39515

    An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause r...

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
  • 6.7

    MEDIUM
    CVE-2024-38818

    VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned....

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
  • 6.7

    MEDIUM
    CVE-2024-38817

    VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root....

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
  • 4.3

    MEDIUM
    CVE-2024-38815

    VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure....

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
  • 5.7

    MEDIUM
    CVE-2024-30118

    HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data....

    Affected Products : connections
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff...

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024
  • 6.5

    MEDIUM
    CVE-2024-47833

    Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in rel...

    Affected Products : taipy
    • Published: Oct. 09, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-47832

    ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits...

    Affected Products : ssoready
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024