Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-40656

    A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025

  • 9.3

    CRITICAL
    CVE-2025-40628

    SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40618

    SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA"  parameter in /bkg_imprimir_comprobante.php... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40654

    A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40713

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/<Client>FacturaE/BusquedasFacturasSesion.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-3651

    Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service.  This has been remediated in Work Desktop for... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-22542

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-3096

    Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-39479

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-39386

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).... Read more

    Affected Products : hospital_management_system
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34127

    A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-su... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-34121

    An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-34138

    A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized access to information. This vulnerability affects all Experience Platf... Read more

    Affected Products : managed_cloud
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-34100

    An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upl... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-34068

    An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters a... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34082

    A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 3... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34072

    A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages con... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-34089

    An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the "... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-32965

    xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is ... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Supply Chain

  • 9.3

    CRITICAL
    CVE-2025-32711

    Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_copilot
    • Published: Jun. 11, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
Showing 20 of 292495 Results