Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-15011

    A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made pu... Read more

    Affected Products : simple_stock_system
    • Published: Dec. 22, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14968

    A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched ... Read more

    Affected Products : simple_stock_system
    • Published: Dec. 19, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-13783

    A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminCon... Read more

    Affected Products : wtcms
    • Published: Nov. 30, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-53914

    UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specifi... Read more

    Affected Products : ulicms
    • Published: Dec. 17, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-41742

    Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access an... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-15016

    Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-13786

    A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the a... Read more

    Affected Products : wtcms
    • Published: Nov. 30, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-53899

    PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints d... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2018-25135

    Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to tri... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-13539

    The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall_member... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-66565

    Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, inclu... Read more

    Affected Products : utils
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2023-53895

    PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious Jav... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-53921

    SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application ... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2018-25134

    Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-67516

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.6.2.... Read more

    Affected Products : store_locator
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14336

    A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of the argument sy results in sql injection. It is possible to launch the attack remot... Read more

    Affected Products : student_management_system
    • Published: Dec. 09, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14321

    Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2018-25154

    GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the a... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-64233

    Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14249

    A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection. The attack may be performed fr... Read more

    Affected Products : online_ordering_system
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Injection
Showing 20 of 4911 Results