Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-55835

    File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9420

    A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. The attack can be launched remotely... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9426

    A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from... Read more

    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10435

    A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_edit1.php. The manipulation of the argument ID results in sql injection. The attack may be perfor... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26399

    SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass ... Read more

    Affected Products : web_help_desk
    • Published: Sep. 23, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9472

    A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be execute... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10025

    A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely.... Read more

    Affected Products : online_course_registration
    • Published: Sep. 05, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59361

    The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13149

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection.This issue affects Armalife: through 202... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59304

    A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-9832

    A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be p... Read more

    Affected Products : food_ordering_management_system
    • Published: Sep. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9700

    A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The ex... Read more

    Affected Products : online_book_store
    • Published: Aug. 30, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9972

    Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10127

    Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9770

    A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql inject... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10436

    A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. The impacted element is an unknown function of the file /pages/sup_searchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. It is possible to... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10414

    A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possi... Read more

    • Published: Sep. 14, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9971

    Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10447

    A vulnerability was detected in Campcodes Online Job Finder System 1.0. The impacted element is an unknown function of the file /eris/applicationform.php. The manipulation of the argument picture results in unrestricted upload. It is possible to launch th... Read more

    Affected Products : online_job_finder_system
    • Published: Sep. 15, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9509

    A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be ... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
Showing 20 of 4426 Results