Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8334

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argu... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8336

    A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. The a... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8338

    A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. The attack may be... Read more

    Affected Products : online_admission_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8339

    A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8371

    A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injecti... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8372

    A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The att... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8375

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be in... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8378

    A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8407

    A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. The attack may be... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-19208

    Codiad Web IDE through 2.8.4 allows PHP Code injection.... Read more

    Affected Products : codiad
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-9476

    A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_fil... Read more

    Affected Products : human_resource_information_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9475

    A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 cau... Read more

    Affected Products : human_resource_information_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-13421

    The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possi... Read more

    Affected Products : real_estate_7
    • Published: Feb. 12, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9472

    A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be execute... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-24294

    A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.... Read more

    Affected Products :
    • Published: May. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-1183

    A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads ... Read more

    • Published: Feb. 12, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-19168

    Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.... Read more

    Affected Products : activex dext5
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16049

    An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.... Read more

    Affected Products : gitlab
    • Published: Oct. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000101

    Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appea... Read more

    Affected Products : mingw-w64
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9430

    Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. ... Read more

    Affected Products : dnstracer
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293418 Results