Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9726

    A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remo... Read more

    Affected Products : farm_management_system
    • Published: Aug. 31, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9704

    A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has ... Read more

    Affected Products : water_billing_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10025

    A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely.... Read more

    Affected Products : online_course_registration
    • Published: Sep. 05, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10687

    A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/add_teacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely... Read more

    Affected Products : responsive_e-learning_system
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59361

    The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10439

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection.This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9971

    Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9832

    A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be p... Read more

    Affected Products : food_ordering_management_system
    • Published: Sep. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54491

    A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6507

    A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The... Read more

    Affected Products : h2o
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-6544

    A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited... Read more

    Affected Products : h2o
    • Published: Sep. 21, 2025
    • Modified: Sep. 21, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-9592

    A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the at... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 28, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10127

    Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-10109

    A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_payment. Executing manipulation of the argument ID can lead to sql injection. The attack may be l... Read more

    Affected Products : online_loan_management_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-32486

    Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard. This issue affects Material Dashboard: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10479

    A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument stud_no results in sql injection. The attack may b... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7776

    Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded... Read more

    • Published: Aug. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-50900

    An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-de... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-50722

    Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component... Read more

    Affected Products : sparkshop
    • Published: Aug. 25, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-55050

    CWE-1242: Inclusion of Undocumented Features... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3903 Results