Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3188

    A vulnerability classified as critical has been found in PHPGurukul e-Diary Management System 1.0. This affects an unknown part of the file /add-notes.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the at... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3308

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /viewrequest.php. The manipulation of the argument ID leads to sql inject... Read more

    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3278

    The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role'... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3195

    A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. Th... Read more

    • Published: Apr. 04, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3209

    A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_patient.php. The manipulation of the argument itr_no leads to sq... Read more

    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3040

    A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted... Read more

    Affected Products : online_time_table_generator
    • Published: Mar. 31, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3217

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3042

    A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The atta... Read more

    Affected Products : online_time_table_generator
    • Published: Apr. 01, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-39596

    Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-39495

    Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12919

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link ... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-30204

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.... Read more

    Affected Products : judging_management_system
    • Published: May. 03, 2023
    • Modified: Jan. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-2531

    Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.... Read more

    Affected Products : azuracast
    • Published: May. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31707

    SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.... Read more

    Affected Products : semcms
    • Published: May. 19, 2023
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-37091

    A command injection remote code execution vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-37107

    An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.... Read more

    Affected Products : autopass_license_server
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-37093

    An authentication bypass vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-36604

    Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, lead... Read more

    Affected Products : unity_operating_environment
    • Published: Aug. 04, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-36038

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32800

    Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (mali... Read more

    Affected Products : conda-build
    • Published: Jun. 16, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Supply Chain
Showing 20 of 293280 Results