Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2025-6208

    The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 7.0

    HIGH
    CVE-2025-10279

    In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race cond... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Race Condition
  • 9.1

    CRITICAL
    CVE-2024-5986

    A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is t... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal
  • 9.6

    CRITICAL
    CVE-2024-5386

    In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnera... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-4147

    In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the o... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization
  • 9.6

    CRITICAL
    CVE-2024-2356

    A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/reinstall_extension")` route. This vulnerability allows atta... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal
  • 3.1

    LOW
    CVE-2026-1751

    A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authorization
  • 8.2

    HIGH
    CVE-2026-1117

    A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2024-54263

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13.... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Path Traversal
  • 0.0

    NA
    CVE-2026-20422

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 0.0

    NA
    CVE-2026-20421

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 0.0

    NA
    CVE-2026-20420

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2026-20419

    In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2026-20418

    In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; I... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-20417

    In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALP... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-20415

    In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; I... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
  • 6.7

    MEDIUM
    CVE-2026-20414

    In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS1... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
  • 6.7

    MEDIUM
    CVE-2026-20413

    In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2026-20412

    In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2026-20411

    In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS1035... Read more

    Affected Products :
    • Published: Feb. 02, 2026
    • Modified: Feb. 02, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4306 Results