Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11348

    A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be lau... Read more

    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11349

    A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated re... Read more

    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10857

    A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible t... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10785

    A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The ex... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-40836

    Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.... Read more

    • Published: Sep. 25, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10147

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated ... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10832

    A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of the argument barcode results in sql injection. The attack may b... Read more

    Affected Products : pet_grooming_management_software
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10816

    A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity r... Read more

    Affected Products : jinher_oa
    • Published: Sep. 22, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-9286

    The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-10802

    A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit... Read more

    Affected Products : online_bidding_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10843

    A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The a... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-34198

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, EC... Read more

    • Published: Sep. 19, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11431

    A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be c... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11424

    A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from rem... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11061

    A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/edit_student.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out ... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11110

    A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. It is possible t... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10585

    Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Actively Exploited
    • Published: Sep. 24, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-11102

    A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/edit_content.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remo... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11109

    A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more

    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11404

    A vulnerability was determined in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown part of the file /pages/save_tax.php. Executing manipulation of the argument percentage can lead to sql injection. It is possible to launch the... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection
Showing 20 of 3896 Results