Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-10662

    A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has ... Read more

    Affected Products : seacms
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10424

    A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_imag... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9475

    A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 cau... Read more

    Affected Products : human_resource_information_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10403

    A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried o... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Sep. 14, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10410

    A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated r... Read more

    Affected Products : link_status_checker
    • Published: Sep. 14, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-10452

    Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10265

    Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10025

    A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely.... Read more

    Affected Products : online_course_registration
    • Published: Sep. 05, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10147

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-53118

    An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10435

    A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_edit1.php. The manipulation of the argument ID results in sql injection. The attack may be perfor... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9406

    A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload cau... Read more

    Affected Products : lemon
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9508

    A vulnerability was detected in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /report/rented_info.php. The manipulation of the argument rsid results in sql injection. The attack may be launched remot... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22408

    In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-59361

    The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54491

    A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-10667

    A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be ... Read more

    Affected Products : online_discussion_forum
    • Published: Sep. 18, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9492

    A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exp... Read more

    Affected Products : online_water_billing_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10459

    A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remote... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9699

    A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. The attack may be performed fro... Read more

    Affected Products : online_polling_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection
Showing 20 of 4362 Results