Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8373

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack ... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8185

    A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launc... Read more

    Affected Products : abc_courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8169

    A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime lead... Read more

    Affected Products : dir-513_firmware dir-513
    • Published: Jul. 25, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5562

    A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to ... Read more

    Affected Products : curfew_e-pass_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8038

    Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-8982

    A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument curr_code leads to sql injection. The attack ... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8059

    The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-7928

    A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The manipulation of the argument firstname leads to sql injection. The attack ... Read more

    Affected Products : church_donation_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8254

    A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be ini... Read more

    Affected Products : courier_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8028

    On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Fi... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-8043

    Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-8031

    The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-7918

    WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7876

    A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. The manipulation of the argument p leads to deserialization. The attack can be initiated ... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7775

    Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ... Read more

    • Actively Exploited
    • Published: Aug. 26, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-8238

    A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possible to launch th... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 27, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7873

    A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mcc_login.jsp. The manipulation of the argument workerid leads to sql injection. The a... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7697

    The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7542

    A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user-profile.php. The manipulation of the argument uid lea... Read more

    • Published: Jul. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7467

    A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack r... Read more

    Affected Products : modern_bag
    • Published: Jul. 12, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
Showing 20 of 292775 Results