Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CVSS31
    CVE-2025-7593

    A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched rem... Read more

    Affected Products : job_diary
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7594

    A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotel... Read more

    Affected Products : job_diary
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7595

    A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely... Read more

    Affected Products : job_diary
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7606

    A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack remotely. The exp... Read more

    Affected Products : avl_rooms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7607

    A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/save_order.php. The manipulation of the argument order_price leads to sql inject... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7608

    A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument user_email leads to sql injection. It is possible to launc... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7609

    A vulnerability has been found in code-projects Simple Shopping Cart 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument ruser_email leads to sql injection.... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7610

    A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/change_password.php. The manipulation of the argument new_password leads to sql in... Read more

    Affected Products : electricity_billing_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7611

    A vulnerability was found in code-projects Wedding Reservation 1.0. It has been classified as critical. This affects an unknown part of the file /global.php. The manipulation of the argument lu leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : wedding_reservation
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7612

    A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remote... Read more

    Affected Products : mobile_shop
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-52376

    An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security contr... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 9.1

    CVSS31
    CVE-2025-7341

    The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and i... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7451

    The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7574

    A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.0

    CVSS31
    CVE-2025-53835

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the `xdom+xml/current... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 10.0

    CVSS31
    CVE-2025-53833

    LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulner... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.9

    CVSS31
    CVE-2025-53836

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 9.6

    CVSS31
    CVE-2025-3621

    Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use o... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-53890

    pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-5394

    The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This ... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
Showing 20 of 24 Results
© cvefeed.io
Latest DB Update: Jul. 15, 2025 18:32