Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-47548

    Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-47688

    Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.... Read more

    Affected Products : advanced_file_manager
    • Published: May. 07, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45841

    TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.... Read more

    Affected Products : nr1800x_firmware nr1800x
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-26845

    An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.... Read more

    Affected Products : znuny
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45787

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45788

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45790

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4443

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was conta... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4448

    A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor w... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4452

    A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was ... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3810

    The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and... Read more

    Affected Products : wpbookit wpbookit
    • Published: May. 09, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3714

    The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4456

    A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack rem... Read more

    Affected Products : car_rental_project
    • Published: May. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4457

    A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack ca... Read more

    Affected Products : car_rental_project
    • Published: May. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4463

    A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The manipulation of the argument ID leads to sql injection. It is possible t... Read more

    Affected Products : gym_management_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4465

    A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql inject... Read more

    Affected Products : gym_management_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4468

    A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-12442

    EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46188

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46189

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection
Showing 20 of 292763 Results