Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-54539

    A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious ser... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10611

    Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerab... Read more

    Affected Products : api_manager identity_server
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-34207

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `Stric... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11522

    The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_u... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-11064

    A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Impacted is an unknown function of the file /admin/teachers.php. The manipulation of the argument department results in sql injection. It is possible to launch the att... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11474

    A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_booking.php. Performing manipulation of the argument Name results in sql injection. The attack ... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11401

    A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /pages/save_curr.php. This manipulation of the argument currcode causes sql injection. The attack is possible to be carried out remo... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11040

    A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The a... Read more

    • Published: Sep. 26, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11397

    A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be init... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11061

    A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/edit_student.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out ... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11551

    A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attac... Read more

    Affected Products : student_result_manager
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59681

    An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted d... Read more

    Affected Products : django
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9762

    The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in all versions up to, and including, 1.0.4b. This makes it possible for unauthenticated attackers to uploa... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-59740

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11431

    A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be c... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11052

    A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack c... Read more

    Affected Products : courseselectionsystem
    • Published: Sep. 27, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8625

    The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which fil... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-59741

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-57266

    An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-31718

    In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3884 Results