Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-2566

    Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-1135

    A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser para... Read more

    Affected Products : churchcrm
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-2611

    The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-2407

    Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5.... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-29775

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-cry... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 15, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-28898

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Multistore Locator allows SQL Injection. This issue affects WP Multistore Locator: from n/a through 2.5.2.... Read more

    Affected Products : wp_multi_store_locator
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-28942

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce allows SQL Injection. This issue affects Trust Payments Gateway for WooCommerce: from n/a through 1... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-27720

    The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2025-27510

    conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken o... Read more

    Affected Products :
    • Published: Mar. 04, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Supply Chain

  • 9.3

    CRITICAL
    CVE-2025-27509

    fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time ... Read more

    Affected Products : fleet
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-27268

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edit... Read more

    Affected Products : small_package_quotes
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-26988

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a th... Read more

    Affected Products : sms_alert_order_notifications
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-26974

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1.... Read more

    Affected Products : wp_multi_store_locator
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-26875

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For... Read more

    Affected Products :
    • Published: Mar. 15, 2025
    • Modified: Mar. 15, 2025

  • 9.3

    CRITICAL
    CVE-2025-25034

    A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest... Read more

    Affected Products : sugarcrm
    • Published: Jun. 20, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-24503

    A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-23016

    FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.... Read more

    Affected Products : fcgi
    • Published: Jan. 10, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-22523

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.... Read more

    Affected Products : schedule
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-22540

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-22655

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection
Showing 20 of 292868 Results