Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-27677

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27681

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-27682

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-13777

    The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for ... Read more

    Affected Products : zoomsounds
    • Published: Mar. 05, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1515

    The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25632

    Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 05, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25361

    An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file.... Read more

    Affected Products : publiccms
    • Published: Mar. 06, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2050

    A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql... Read more

    • Published: Mar. 07, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2058

    A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to s... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2060

    A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2062

    A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible t... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2063

    A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql inj... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2066

    A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. The at... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1475

    The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for unauthenticated at... Read more

    Affected Products : wpcom_member
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-27816

    A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host servic... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-12876

    The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating... Read more

    Affected Products : golo
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2088

    A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument fullname/emailid/mobileNumber leads to sql ... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Mar. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2096

    A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os c... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: Mar. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-11087

    The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being r... Read more

    Affected Products : social_login
    • Published: Mar. 08, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2112

    A vulnerability was found in user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4. It has been declared as critical. Affected by this vulnerability is the function getMediaLisByFilter of the file cn/javaex/yaoqishan/service/media_info/M... Read more

    Affected Products : yaoqishan
    • Published: Mar. 08, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection
Showing 20 of 294299 Results