Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2024-12534 (CVSS 7.5, HIGH)

    In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service
  • CVE-2024-12048 (CVSS 8.8, HIGH)

    An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' inf...

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • CVE-2024-10267 (CVSS 7.5, HIGH)

    An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is alr...

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • CVE-2024-12778 (CVSS 7.5, HIGH)

    A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root ...

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service
  • CVE-2024-7036 (CVSS 7.5, HIGH)

    A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user mana...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service
  • CVE-2024-7039 (CVSS 8.3, HIGH)

    In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administr...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • CVE-2024-7040 (CVSS 4.9, MEDIUM)

    In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • CVE-2024-7043 (CVSS 8.8, HIGH)

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • CVE-2025-7476 (CVSS 9.8, CRITICAL)

    A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated...

    • Published: Jul. 12, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection
  • CVE-2025-7475 (CVSS 9.8, CRITICAL)

    A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack re...

    • Published: Jul. 12, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection
  • CVE-2025-7477 (CVSS 7.2, HIGH)

    A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted uploa...

    • Published: Jul. 12, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-22248 (CVSS 9.4, CRITICAL)

    The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, come with a 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itsel...

    Affected Products : bitnami bitnami_popool bitnami/pgpool
    • Published: May 13, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authentication
  • CVE-2025-44177 (CVSS 8.2, HIGH)

    A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal se...

    Affected Products : protop
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Path Traversal
  • CVE-2024-3366 (CVSS 9.8, CRITICAL)

    A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to in...

    Affected Products : xxl-job
    • Published: Apr. 06, 2024
    • Modified: Jul. 18, 2025
  • CVE-2025-53670 (CVSS 6.5, MEDIUM)

    Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to th...

    Affected Products : nouvola_divecloud
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-53669 (CVSS 4.3, MEDIUM)

    Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them....

    Affected Products : vaddy
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-53668 (CVSS 6.5, MEDIUM)

    Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system....

    Affected Products : vaddy
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-53667 (CVSS 5.3, MEDIUM)

    Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them....

    Affected Products : dead_man's_snitch
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-53666 (CVSS 6.5, MEDIUM)

    Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system....

    Affected Products : dead_man's_snitch
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-53665 (CVSS 4.3, MEDIUM)

    Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them....

    Affected Products : apica_loadtest
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure