Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-6806

    Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to expl... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-6807

    Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not r... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2023-52725

    Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package.... Read more

    Affected Products : onos-kpimon
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 6.5

    MEDIUM
    CVE-2023-52726

    Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream).... Read more

    Affected Products : onos onos-ric-sdk-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 5.5

    MEDIUM
    CVE-2023-52728

    Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString.... Read more

    Affected Products : onos-lib-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 8.1

    HIGH
    CVE-2023-52727

    Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits.... Read more

    Affected Products : onos-lib-go
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 8.1

    HIGH
    CVE-2023-52724

    Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function.... Read more

    Affected Products : onos-kpimon
    • Published: Apr. 30, 2024
    • Modified: Jul. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-11033

    A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this ... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2024-9993

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Jun. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-9994

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Jun. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1440

    The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthent... Read more

    Affected Products : advanced_iframe
    • Published: Mar. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2024-11030

    GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attackers to exploit ... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-1437

    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : advanced_iframe
    • Published: Mar. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-1439

    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : advanced_iframe
    • Published: Mar. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-20680

    In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-10986

    GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application o... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-20687

    In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418045; Issue... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-47109

    After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to service... Read more

    Affected Products : macos windows after_effects
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43587

    After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more

    Affected Products : macos windows after_effects
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-33054

    Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization
Showing 20 of 291712 Results