Latest CVE Feed

CVE-2025-4020 (9.8 CRITICAL)
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to SQL injection. The attack...
- Affected Products: old_age_home_management_system
- Published: Apr. 28, 2025
- Modified: Apr. 30, 2025
- Vuln Type: Injection

CVE-2025-4024 (9.8 CRITICAL)
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to SQL injection. It is possible to launc...
- Affected Products: placement_management_system
- Published: Apr. 28, 2025
- Modified: Apr. 30, 2025
- Vuln Type: Injection

CVE-2023-35814 (9.8 CRITICAL)
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.
- Affected Products: devexpress
- Published: Apr. 28, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Misconfiguration

CVE-2025-4026 (9.8 CRITICAL)
A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument adminname/mobilenumber leads t...
- Affected Products: nipah_virus_testing_management_system
- Published: Apr. 28, 2025
- Modified: May. 05, 2025
- Vuln Type: Injection

CVE-2025-4027 (9.8 CRITICAL)
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/rules.php. The manipulation of the argument pagetitle leads to SQL injection. It is possible ...
- Affected Products: old_age_home_management_system
- Published: Apr. 28, 2025
- Modified: Apr. 30, 2025
- Vuln Type: Injection

CVE-2025-4028 (9.8 CRITICAL)
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to SQL ...
- Affected Products: covid19_testing_management_system
- Published: Apr. 28, 2025
- Modified: May. 10, 2025
- Vuln Type: Injection

CVE-2025-31651 (9.8 CRITICAL)
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effe...
- Affected Products: tomcat
- Published: Apr. 28, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Misconfiguration

CVE-2025-4036 (9.8 CRITICAL)
A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. Th...
- Affected Products: novel
- Published: Apr. 28, 2025
- Modified: May. 10, 2025
- Vuln Type: Authorization

CVE-2025-4058 (9.8 CRITICAL)
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to SQL injection. It is possible...
- Published: Apr. 29, 2025
- Modified: May. 15, 2025
- Vuln Type: Injection

CVE-2025-4071 (9.8 CRITICAL)
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to SQL injection. The attac...
- Affected Products: covid19_testing_management_system
- Published: Apr. 29, 2025
- Modified: May. 09, 2025
- Vuln Type: Injection

CVE-2025-46347 (9.8 CRITICAL)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the ...
- Affected Products: yeswiki
- Published: Apr. 29, 2025
- Modified: May. 09, 2025
- Vuln Type: Authentication

CVE-2025-4125 (9.8 CRITICAL)
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing an ISP file.
- Affected Products: ispsoft
- Published: Apr. 30, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption

CVE-2025-4108 (9.8 CRITICAL)
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to SQL injection. It is possible to launch the...
- Affected Products: student_record_system
- Published: Apr. 30, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection

CVE-2025-4112 (9.8 CRITICAL)
A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to SQL injection. The attack can...
- Affected Products: student_record_system
- Published: Apr. 30, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection

CVE-2025-45017 (9.8 CRITICAL)
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
- Published: Apr. 30, 2025
- Modified: May. 09, 2025
- Vuln Type: Injection

CVE-2025-4120 (9.8 CRITICAL)
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was...
- Published: Apr. 30, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption

CVE-2025-21355 (9.8 CRITICAL)
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network...
- Affected Products: bing
- Published: Feb. 19, 2025
- Modified: Feb. 19, 2025
- Vuln Type: Authentication

CVE-2024-13792 (9.8 CRITICAL)
The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly ...
- Affected Products: woocommerce_food
- Published: Feb. 20, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Misconfiguration

CVE-2025-27096 (9.8 CRITICAL)
WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQ...
- Affected Products: wegia
- Published: Feb. 20, 2025
- Modified: Feb. 28, 2025
- Vuln Type: Injection

CVE-2025-24893 (9.8 CRITICAL)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability ...
- Affected Products: xwiki
- Published: Feb. 20, 2025
- Modified: May. 07, 2025
- Vuln Type: Authentication