Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-1640

    A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToRet... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1858

    A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. T... Read more

    Affected Products : online_shopping_website
    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1580

    A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injectio... Read more

    • Published: Feb. 23, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1661

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for ... Read more

    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-1562

    The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_pl... Read more

    Affected Products : funnelkit_automations
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1393

    An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1576

    A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of Str... Read more

    • Published: Feb. 23, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1298

    Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.... Read more

    Affected Products : carlcare carlcare
    • Published: Feb. 14, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1307

    The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated a... Read more

    Affected Products : newscrunch
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1186

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initi... Read more

    Affected Products : xunruicms
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1104

    A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed... Read more

    Affected Products : dhp-w310av_firmware dhp-w310av
    • Published: Feb. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1093

    The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary ... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1017

    Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 04, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1012

    A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 04, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-0847

    A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql in... Read more

    Affected Products : employee_task_management_system
    • Published: Jan. 30, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0855

    The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PH... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1100

    A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0791

    A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated rem... Read more

    Affected Products : cdg
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0896

    Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.... Read more

    Affected Products : orthanc
    • Published: Feb. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0634

    Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.... Read more

    Affected Products : rlottie
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292321 Results