Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2025-48908

    Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-48907

    Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6735

    A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack r... Read more

    Affected Products : cms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-6736

    A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. T... Read more

    Affected Products : cms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-52717

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6.... Read more

    Affected Products : lifterlms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-1704

    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful p... Read more

    Affected Products : chrome_os
    • Published: Apr. 16, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-44039

    CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing in... Read more

    Affected Products : cp-xr-de21-s_firmware cp-xr-de21-s
    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-27695

    Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.... Read more

    Affected Products : wyse_management_suite
    • Published: May. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-2762

    CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2073

    Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure... Read more

    Affected Products : linux_kernel chrome_os
    • Published: Apr. 16, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-2763

    CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authenticatio... Read more

    Affected Products : cpc200-ccpa autokit
    • Published: Apr. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cryptography

  • 8.0

    HIGH
    CVE-2025-2764

    CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Alth... Read more

    Affected Products : cpc200-ccpa autokit
    • Published: Apr. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2765

    CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is ... Read more

    Affected Products : cpc200-ccpa autokit
    • Published: Apr. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-6479

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user suppl... Read more

    • Published: Oct. 31, 2024
    • Modified: Jul. 11, 2025

  • 6.4

    MEDIUM
    CVE-2024-6480

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input saniti... Read more

    • Published: Oct. 31, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-28265

    IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php.... Read more

    Affected Products : ibos
    • Published: Nov. 01, 2024
    • Modified: Jul. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-48059

    gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malici... Read more

    Affected Products : chuanhuchatgpt chuanhuchatgpt
    • Published: Nov. 04, 2024
    • Modified: Jul. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-10084

    The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contribut... Read more

    • Published: Nov. 05, 2024
    • Modified: Jul. 11, 2025

  • 7.7

    HIGH
    CVE-2024-40715

    A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.... Read more

    • Published: Nov. 07, 2024
    • Modified: Jul. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-10683

    The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This m... Read more

    Affected Products : paypal_\&_stripe_add-on
    • Published: Nov. 09, 2024
    • Modified: Jul. 11, 2025
Showing 20 of 291638 Results