Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3217

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3042

    A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The atta... Read more

    Affected Products : online_time_table_generator
    • Published: Apr. 01, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-39596

    Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-39495

    Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12919

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link ... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-30204

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.... Read more

    Affected Products : judging_management_system
    • Published: May. 03, 2023
    • Modified: Jan. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-2531

    Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.... Read more

    Affected Products : azuracast
    • Published: May. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31707

    SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.... Read more

    Affected Products : semcms
    • Published: May. 19, 2023
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-37091

    A command injection remote code execution vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-37107

    An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.... Read more

    Affected Products : autopass_license_server
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-37093

    An authentication bypass vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-36604

    Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, lead... Read more

    Affected Products : unity_operating_environment
    • Published: Aug. 04, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-36038

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32800

    Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (mali... Read more

    Affected Products : conda-build
    • Published: Jun. 16, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Supply Chain

  • 9.8

    CRITICAL
    CVE-2025-32877

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which th... Read more

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32799

    Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives ... Read more

    Affected Products : conda-build
    • Published: Jun. 16, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-32695

    Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5.... Read more

    Affected Products : checkout_mestres_wp
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-32658

    Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-32798

    Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-bu... Read more

    Affected Products : conda-build
    • Published: Jun. 16, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-32569

    Deserialization of Untrusted Data vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.2.... Read more

    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection
Showing 20 of 292803 Results