Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11658

    A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestric... Read more

    Affected Products : school_management_system
    • Published: Oct. 13, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11615

    A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument ServiceId results in sql injection. Remote exploitation of the... Read more

    Affected Products : best_salon_management_system
    • Published: Oct. 11, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10611

    Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerab... Read more

    Affected Products : api_manager identity_server
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10742

    The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system ... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-53424

    Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a thro... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-11430

    A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The expl... Read more

    Affected Products : simple_e-commerce_bookstore
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11597

    A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carri... Read more

    • Published: Oct. 11, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11416

    A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing manipulation of the argument delid results in sql injection. The attack can be initiated remot... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12208

    A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be car... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60213

    Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through <= 1.5.13.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11629

    A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos... Read more

    Affected Products : docsys
    • Published: Oct. 12, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-31718

    In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-11431

    A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be c... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11432

    A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. The attack may be performed from remote. The exploit is... Read more

    Affected Products : leave_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11596

    A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument order_id can lead to sql injection. The attack can be e... Read more

    • Published: Oct. 11, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11549

    A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. ... Read more

    Affected Products : w12_firmware w12
    • Published: Oct. 09, 2025
    • Modified: Oct. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-11583

    A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has ... Read more

    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60232

    Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-35050

    Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by New... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-11664

    A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection.... Read more

    • Published: Oct. 13, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Injection
Showing 20 of 3925 Results