Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-28872

    Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4.... Read more

    Affected Products : block_spam_by_math_reloaded
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-2216

    A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads t... Read more

    • Published: Mar. 12, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-25568

    SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no u... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25292

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2232

    The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' func... Read more

    Affected Products : realteo
    • Published: Mar. 14, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-27595

    The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-2000

    A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potenti... Read more

    Affected Products : qiskit
    • Published: Mar. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-29029

    Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Mar. 14, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2362

    A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The atta... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Mar. 17, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2395

    The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.... Read more

    Affected Products : u-office_force
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2379

    A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql injection. The ... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2380

    A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injectio... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2385

    A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument userEmail/userPassword leads to sql injection. The attack can be in... Read more

    Affected Products : modern_bag
    • Published: Mar. 17, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2387

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. I... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25914

    SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter... Read more

    • Published: Mar. 17, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2391

    A vulnerability classified as critical was found in code-projects Blood Bank Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_login.php of the component Admin Login Page. The manipulation leads to sql injection. The ... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29912

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and pr... Read more

    Affected Products : cryptolib
    • Published: Mar. 17, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-8997

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53.... Read more

    Affected Products : evc04_configuration_interface
    • Published: Mar. 18, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-30113

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings t... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30115

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing una... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 292851 Results