Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-10830

    A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. This issue affects some unknown processing of the file /pages/inv_edit1.php. Executing manipulation of the argument idd can lead to sql injection. The attack can be executed remot... Read more

    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10817

    A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be lau... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10547

    An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-8868

    In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command usin... Read more

    Affected Products : linux_kernel automate
    • Published: Sep. 29, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11509

    A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection. The attack may be initiated remotely. Th... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9697

    The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10784

    A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to sql injection. ... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11503

    A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing manipulation of the argument delid can lead to sql injection. The attack may be... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-21483

    Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-10147

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated ... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11105

    A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. ... Read more

    Affected Products : simple_scheduling_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10808

    A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql injection. Remote exploitation of the attack is possible. The exploit... Read more

    Affected Products : farm_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10809

    A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The attack can be exe... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10798

    A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The attack may be laun... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59743

    SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cook... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10542

    iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10811

    A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be perf... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10810

    A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The attack is possib... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10782

    A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in sql injection. The attack is possible to be... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11063

    A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection
Showing 20 of 3884 Results