Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-27151

    Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file pa... Read more

    Affected Products : redis
    • Published: May. 29, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-26971

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.... Read more

    Affected Products : poll_maker
    • Published: Feb. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26817

    Netwrix Password Secure 9.2.0.32454 allows OS command injection.... Read more

    Affected Products : password_secure
    • Published: Apr. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26763

    Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through 3.94.0.... Read more

    Affected Products : slider\,_gallery\,_and_carousel
    • Published: Feb. 22, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1900

    A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add-table.php. The manipulation of the argument tableno leads to sql injection. The a... Read more

    Affected Products : restaurant_table_booking_system
    • Published: Mar. 04, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26533

    An SQL injection risk was identified in the module list filter within course search.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26846

    An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.... Read more

    Affected Products : znuny
    • Published: May. 12, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-26325

    ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.... Read more

    Affected Products : shopxo
    • Published: Feb. 27, 2025
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2025-26198

    CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows una... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26339

    A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multip... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26136

    A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.... Read more

    Affected Products : mysiteforme
    • Published: Mar. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26347

    A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26014

    A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.... Read more

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-26007

    Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-12097

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024.... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26063

    An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26341

    A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26011

    Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-25962

    An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-26342

    A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HT... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 292758 Results