Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-6481

    A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /update.php. The manipulation of the argument ID leads to sql injection. The attack... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6482

    A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /edituser-exec.php. The manipulation of the argument userid leads to sql injection. It is possible ... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6489

    A vulnerability has been found in itsourcecode Agri-Trading Online Shopping System 1.0 and classified as critical. This vulnerability affects unknown code of the file /transactionsave.php. The manipulation of the argument del leads to sql injection. The a... Read more

    • Published: Jun. 22, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6502

    A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6503

    A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the argument categoriesId leads to s... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-48978

    An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.... Read more

    Affected Products : itm_web_terminal
    • Published: Jun. 23, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-47295

    A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-1072

    A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.... Read more

    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-6424

    A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-49851

    ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.... Read more

    Affected Products : control_id_idsecure
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6611

    A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/createBrand.php. The manipulation of the argument brandStatus leads to sql inject... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6612

    A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/removeCategories.php. The manipulation of the argument categoriesId leads to sql ... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-5282

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. Th... Read more

    Affected Products : engineers_online_portal
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-6618

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch th... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6621

    A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the atta... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-5277

    A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted uploa... Read more

    Affected Products : engineers_online_portal
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4334

    The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possibl... Read more

    Affected Products : simple_user_registration
    • Published: Jun. 26, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49003

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" become... Read more

    Affected Products : dataease
    • Published: Jun. 26, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-29331

    An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates... Read more

    Affected Products : 3x-ui
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2014-7210

    pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.... Read more

    Affected Products : debian_linux pdns
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293284 Results