Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-0855

    The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PH... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1100

    A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0791

    A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated rem... Read more

    Affected Products : cdg
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0896

    Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.... Read more

    Affected Products : orthanc
    • Published: Feb. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0634

    Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.... Read more

    Affected Products : rlottie
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0564

    A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The ... Read more

    Affected Products : fantasy-cricket
    • Published: Jan. 19, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0534

    A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username lea... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0838

    There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass... Read more

    Affected Products : debian_linux common_libraries
    • Published: Feb. 21, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0493

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthentic... Read more

    Affected Products : multivendorx
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0332

    In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.... Read more

    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0299

    A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack rem... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0229

    A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation of the argument pid/t1/t2/t3/t4/t5/t6/t7 leads to sql in... Read more

    Affected Products : travel_management_system
    • Published: Jan. 05, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0349

    A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is po... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jan. 09, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0181

    The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their au... Read more

    Affected Products : foodbakery
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0247

    Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Jan. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0147

    Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0211

    A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The a... Read more

    Affected Products : school_faculty_scheduling_system
    • Published: Jan. 04, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0456

    The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords.... Read more

    Affected Products : airpass
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-9973

    A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to ... Read more

    Affected Products : online_eyewear_shop
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9924

    The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .... Read more

    Affected Products : oaklouds_portal
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 293250 Results