Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-6446

    An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issu... Read more

    Affected Products : fedora numpy
    • EPSS Score: %59.21
    • Published: Jan. 16, 2019
    • Modified: Jul. 21, 2025

  • 4.3

    MEDIUM
    CVE-2025-20300

    In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only acces... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-20319

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input san... Read more

    Affected Products : splunk
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-20320

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-20321

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-20322

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a ... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-20323

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is bec... Read more

    Affected Products : splunk
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-20226

    In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Mar. 26, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-20227

    In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk ro... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Mar. 26, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-20228

    In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of Ap... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Mar. 26, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.0

    HIGH
    CVE-2025-20229

    In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Mar. 26, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-20231

    In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a se... Read more

    Affected Products : splunk splunk_secure_gateway
    • Published: Mar. 26, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-20232

    In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles coul... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Mar. 26, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-20324

    In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwri... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2024-8017

    An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat histo... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2024-7990

    A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. Th... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-7983

    In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server be... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2024-7959

    The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and retu... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.6

    CRITICAL
    CVE-2024-7760

    aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all e... Read more

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2025-21445

    Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291384 Results