Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11558

    A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out ... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-62025

    Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8.... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-52635

    A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.... Read more

    Affected Products : aion
    • Published: Oct. 10, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12301

    A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched rem... Read more

    Affected Products : simple_food_ordering_system
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11424

    A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from rem... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49921

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CrocoBlock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0.... Read more

    Affected Products : jetreviews
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49901

    Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.... Read more

    Affected Products : simple_link_directory
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-11486

    A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remo... Read more

    Affected Products : farm_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-62583

    Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.... Read more

    Affected Products : whale
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-35062

    Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-12237

    A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exp... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0603

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.This issue affects Callvision Emergency Code: before V3.0.... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-56316

    A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.... Read more

    Affected Products : mcms
    • Published: Oct. 17, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11596

    A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument order_id can lead to sql injection. The attack can be e... Read more

    • Published: Oct. 11, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-56221

    A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.... Read more

    Affected Products : signinghub
    • Published: Oct. 17, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-11659

    A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File ca... Read more

    Affected Products : school_management_system
    • Published: Oct. 13, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11583

    A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has ... Read more

    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11582

    A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack may be initiated... Read more

    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11629

    A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos... Read more

    Affected Products : docsys
    • Published: Oct. 12, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11350

    A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injectio... Read more

    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection
Showing 20 of 3915 Results