Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    CVSS31
    CVE-2025-26186

    SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7609

    A vulnerability has been found in code-projects Simple Shopping Cart 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument ruser_email leads to sql injection.... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7610

    A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/change_password.php. The manipulation of the argument new_password leads to sql in... Read more

    Affected Products : electricity_billing_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7611

    A vulnerability was found in code-projects Wedding Reservation 1.0. It has been classified as critical. This affects an unknown part of the file /global.php. The manipulation of the argument lu leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : wedding_reservation
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-53820

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This ... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 6.5

    CVSS31
    CVE-2025-53822

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version ... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 8.8

    CVSS31
    CVE-2025-53823

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` p... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    CVSS31
    CVE-2025-53824

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 7.6

    CVSS31
    CVE-2025-53959

    In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 7.5

    CVSS31
    CVE-2024-51770

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CVSS31
    CVE-2025-7612

    A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remote... Read more

    Affected Products : mobile_shop
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 7.5

    CVSS31
    CVE-2024-42646

    A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.... Read more

    Affected Products : nanomq
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 6.5

    CVSS31
    CVE-2024-42648

    NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.... Read more

    Affected Products : nanomq
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 6.5

    CVSS31
    CVE-2024-42649

    NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.... Read more

    Affected Products : nanomq
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.6

    CVSS31
    CVE-2025-51650

    An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.... Read more

    Affected Products : foxcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    CVSS31
    CVE-2025-51652

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    CVSS31
    CVE-2025-51653

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    CVSS31
    CVE-2025-51654

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    CVSS31
    CVE-2025-51655

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    CVSS31
    CVE-2025-51656

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
Showing 20 of 145 Results
© cvefeed.io
Latest DB Update: Jul. 15, 2025 18:45