Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-0541

    A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack m... Read more

    • Published: Jan. 17, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13375

    The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like passwo... Read more

    Affected Products :
    • Published: Jan. 18, 2025
    • Modified: Jan. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0563

    A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the a... Read more

    Affected Products : fantasy-cricket
    • Published: Jan. 19, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0565

    A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The explo... Read more

    Affected Products : zzcms
    • Published: Jan. 19, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0585

    The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products :
    • Published: Jan. 20, 2025
    • Modified: Jan. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-45647

    IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.... Read more

    • Published: Jan. 20, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-49688

    Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-42936

    The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.... Read more

    Affected Products : reyee_os rg-ew300n
    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-21524

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Jan. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-21535

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-49748

    In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-23914

    Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13234

    The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation... Read more

    Affected Products : product_table
    • Published: Jan. 23, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-23006

    Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated a... Read more

    • Actively Exploited
    • Published: Jan. 23, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-46401

    KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.... Read more

    Affected Products : kwhotel
    • Published: Jan. 23, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-19791

    In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.... Read more

    Affected Products : lemonldap\
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-46599

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-26909

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01.... Read more

    Affected Products : hide_my_wp_ghost
    • Published: Mar. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-28138

    The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Mar. 27, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49002

    DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohi... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 293355 Results