Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40189

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to ... Read more

    • EPSS Score: %2.12
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-6316

    A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. The manipulation of the argument qty leads to sql injection. The at... Read more

    Affected Products : online_shoe_store
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025

  • 9.8

    CRITICAL
    CVE-2025-7609

    A vulnerability has been found in code-projects Simple Shopping Cart 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument ruser_email leads to sql injection.... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-7341

    The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and i... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025

  • 9.8

    CRITICAL
    CVE-2025-8279

    Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-1734

    A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestri... Read more

    • EPSS Score: %0.06
    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-50165

    Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-24538

    Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal... Read more

    Affected Products : go
    • EPSS Score: %0.65
    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-2107

    A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del&op=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : ibos
    • EPSS Score: %0.06
    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2151

    A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file manage_student.php. The manipulation of the argument id leads to sql injection. It ... Read more

    • EPSS Score: %0.05
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-0341

    A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to ... Read more

    • Published: Jan. 09, 2025
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-12919

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link ... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-30204

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.... Read more

    Affected Products : judging_management_system
    • EPSS Score: %0.07
    • Published: May. 03, 2023
    • Modified: Jan. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-2531

    Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.... Read more

    Affected Products : azuracast
    • EPSS Score: %0.08
    • Published: May. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31707

    SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.07
    • Published: May. 19, 2023
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-0873

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullname/phonenumber/em... Read more

    Affected Products : tailoring_management_system
    • Published: Jan. 30, 2025
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-53584

    OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.... Read more

    Affected Products : openpanel
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-1160

    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of defau... Read more

    • Published: Feb. 10, 2025
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-26520

    Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.... Read more

    Affected Products : cacti
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-13789

    The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. This makes it possible for unauthenticated attackers to inject a PHP Ob... Read more

    Affected Products : ravpage ravpage
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
Showing 20 of 291162 Results