Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9596

    A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit ... Read more

    Affected Products : sports_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10424

    A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_imag... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-55575

    SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9423

    A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit h... Read more

    Affected Products : online_water_billing_system
    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-58447

    rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sendin... Read more

    Affected Products : rathena
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-57773

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writi... Read more

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9426

    A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from... Read more

    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-57772

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl ... Read more

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10425

    A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_imag... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-55835

    File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10473

    A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack ... Read more

    Affected Products : ruoyi
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10426

    A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the at... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9424

    A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The a... Read more

    Affected Products : ws7204-a_firmware ws7204-a
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-56267

    A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.... Read more

    Affected Products : access_control_manager
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59360

    The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-56266

    A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.... Read more

    Affected Products : access_control_manager
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-57085

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : w30e_firmware w30e
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-10452

    Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9789

    A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be i... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10667

    A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be ... Read more

    Affected Products : online_discussion_forum
    • Published: Sep. 18, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Injection
Showing 20 of 4369 Results