Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4028

    A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql ... Read more

    Affected Products : covid19_testing_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-31651

    Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effe... Read more

    Affected Products : tomcat
    • Published: Apr. 28, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4036

    A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. Th... Read more

    Affected Products : novel
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4058

    A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4071

    A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attac... Read more

    Affected Products : covid19_testing_management_system
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46347

    YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the ... Read more

    Affected Products : yeswiki
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4125

    Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.... Read more

    Affected Products : ispsoft
    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4108

    A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the... Read more

    Affected Products : student_record_system
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4112

    A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can... Read more

    Affected Products : student_record_system
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45017

    A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4120

    A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was... Read more

    Affected Products : jwnr2000v2_firmware jwnr2000v2
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-21355

    Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network... Read more

    Affected Products : bing
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13792

    The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly ... Read more

    Affected Products : woocommerce_food
    • Published: Feb. 20, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27096

    WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQ... Read more

    Affected Products : wegia
    • Published: Feb. 20, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-24893

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability ... Read more

    Affected Products : xwiki
    • Published: Feb. 20, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25662

    Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.... Read more

    Affected Products : o4_firmware o4
    • Published: Feb. 20, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25664

    Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Feb. 20, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25678

    Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.... Read more

    Affected Products : i12 i12_firmware
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1539

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may ... Read more

    Affected Products : dap-1320_firmware
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1510

    The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value... Read more

    Affected Products : custom_post_type_date_archives
    • Published: Feb. 22, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 292803 Results