Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-14588

    A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be c... Read more

    Affected Products : student_management_system
    • Published: Dec. 13, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-13184

    Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, ... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Dec. 10, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-53923

    UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific param... Read more

    Affected Products : ulicms
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-67520

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection.This issue affects Media Library Tools: from n/a through <= 1.6.15.... Read more

    Affected Products : media_library_tools
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60174

    Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14621

    A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is poss... Read more

    Affected Products : student_file_management_system
    • Published: Dec. 13, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-63742

    SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other c... Read more

    Affected Products : rockoa
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14652

    A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remote... Read more

    Affected Products : online_cake_ordering_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14344

    The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function in all versions up to, and including, 1.1.7. This makes it possible for... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-14644

    A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remo... Read more

    Affected Products : student_management_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10738

    The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-58311

    Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-14585

    A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotel... Read more

    Affected Products : covid_tracking_system
    • Published: Dec. 12, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54947

    In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely... Read more

    Affected Products : streampark
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2023-53951

    Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-13800

    A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely.... Read more

    Affected Products : b-qe2w401_firmware b-qe2w401
    • Published: Dec. 01, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11786

    Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, a... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14951

    A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed ... Read more

    Affected Products : scholars_tracking_system
    • Published: Dec. 19, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59695

    Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-14330

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4889 Results