Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11818

    A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possib... Read more

    • Published: Nov. 27, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2025-53763

    Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : office_purview_data_governance
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2021-27786

    Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and s... Read more

    Affected Products : onetest_server
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-2947

    IBM i 7.6  contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.... Read more

    Affected Products : i i
    • Published: Apr. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-11965

    A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attac... Read more

    Affected Products : complaint_management_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2025-7955

    The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5914

    A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulne... Read more

    • Published: Jun. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-33631

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-5989

    Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.... Read more

    Affected Products : thinmanager thinserver
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26136

    Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.... Read more

    Affected Products : tough-cookie
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2457

    A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.... Read more

    Affected Products : process_automation_manager
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-9492

    A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exp... Read more

    Affected Products : online_water_billing_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9533

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated... Read more

    Affected Products : t10_firmware t10
    • Published: Aug. 27, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9506

    A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote lo... Read more

    Affected Products : online_loan_management_system
    • Published: Aug. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25737

    Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-52122

    Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12231

    A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the atta... Read more

    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-53442

    whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2025-22403

    In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for explo... Read more

    Affected Products : android
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-7923

    An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restri... Read more

    Affected Products : satellite
    • Published: Sep. 04, 2024
    • Modified: Nov. 24, 2024
Showing 20 of 292837 Results