Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-10403

    A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried o... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Sep. 14, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10410

    A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated r... Read more

    Affected Products : link_status_checker
    • Published: Sep. 14, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-26399

    SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass ... Read more

    Affected Products : web_help_desk
    • Published: Sep. 23, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10265

    Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25737

    Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a... Read more

    • Published: Aug. 26, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10426

    A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the at... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10025

    A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely.... Read more

    Affected Products : online_course_registration
    • Published: Sep. 05, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10435

    A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_edit1.php. The manipulation of the argument ID results in sql injection. The attack may be perfor... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9509

    A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be ... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55232

    Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : microsoft_hpc_pack_2019
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-52122

    Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).... Read more

    Affected Products : freeform
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59361

    The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-58448

    rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.... Read more

    Affected Products : rathena
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10667

    A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be ... Read more

    Affected Products : online_discussion_forum
    • Published: Sep. 18, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9083

    The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.... Read more

    Affected Products : ninja_forms
    • Published: Sep. 18, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-57441

    The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuratio... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-9847

    A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestricted upload. Remote exploitation of the attack is possibl... Read more

    Affected Products : real_estate_management_system
    • Published: Sep. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9406

    A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload cau... Read more

    Affected Products : lemon
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-7955

    The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers t... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-36904

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
Showing 20 of 4367 Results