Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11608

    A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection... Read more

    • Published: Oct. 11, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49901

    Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.... Read more

    Affected Products : simple_link_directory
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-11656

    A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unre... Read more

    Affected Products : school_management_system
    • Published: Oct. 13, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11391

    The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it poss... Read more

    Affected Products :
    • Published: Oct. 18, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11629

    A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos... Read more

    Affected Products : docsys
    • Published: Oct. 12, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-53424

    Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a thro... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-11597

    A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carri... Read more

    • Published: Oct. 11, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10640

    An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExamine... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-11430

    A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The expl... Read more

    Affected Products : simple_e-commerce_bookstore
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11659

    A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File ca... Read more

    Affected Products : school_management_system
    • Published: Oct. 13, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11507

    A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be ini... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11416

    A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing manipulation of the argument delid results in sql injection. The attack can be initiated remot... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11584

    A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the att... Read more

    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60225

    Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-62353

    A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect pr... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-46581

    ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges.... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11023

    Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclu... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-12239

    A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The ex... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12301

    A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched rem... Read more

    Affected Products : simple_food_ordering_system
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11558

    A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out ... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection
Showing 20 of 3897 Results