Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-34043

    O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message.... Read more

    Affected Products : ric-app-kpimon-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 8.2

    HIGH
    CVE-2025-6801

    Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-6802

    Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not require... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-6803

    Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is no... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-6804

    Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-6805

    Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not requir... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-6806

    Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to expl... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-6807

    Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not r... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2023-52725

    Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package.... Read more

    Affected Products : onos-kpimon
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 6.5

    MEDIUM
    CVE-2023-52726

    Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream).... Read more

    Affected Products : onos onos-ric-sdk-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 5.5

    MEDIUM
    CVE-2023-52728

    Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString.... Read more

    Affected Products : onos-lib-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 8.1

    HIGH
    CVE-2023-52727

    Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits.... Read more

    Affected Products : onos-lib-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 8.1

    HIGH
    CVE-2023-52724

    Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function.... Read more

    Affected Products : onos-kpimon
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-11033

    A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this ... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2024-9993

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Jun. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-9994

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Jun. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1440

    The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthent... Read more

    Affected Products : advanced_iframe
    • Published: Mar. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2024-11030

    GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attackers to exploit ... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-1437

    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : advanced_iframe
    • Published: Mar. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-1439

    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : advanced_iframe
    • Published: Mar. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291589 Results