Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2025-53905

    Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires di... Read more

    Affected Products : vim
    • Published: Jul. 15, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-49841

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new func... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49840

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights f... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49839

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the ... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49838

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it ... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49837

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49836

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, whic... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49835

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asr_inp_dir (and a number of other variables) takes user input, which is passed to... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49834

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the op... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49833

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path takes user input, which is passed to the o... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-49831

    An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-30761

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. ... Read more

    Affected Products : jdk jre graalvm java_se
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-53032

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more

    Affected Products : mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-53031

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.8, 8.0.8.5, 8.0.8.6, 8.1.1.4 and 8.1.2.5. Easil... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2025-53030

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2025-53029

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-53028

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-53027

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-53026

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-53025

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 291384 Results