Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-31397

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for W... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-39501

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel allows Blind SQL Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-39504

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel allows Blind SQL Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-46539

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-47640

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for Wo... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2019-1311

    A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.... Read more

    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1297

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.... Read more

    Affected Products : office office_365_proplus excel
    • Actively Exploited
    • Published: Sep. 11, 2019
    • Modified: Apr. 07, 2025

  • 9.3

    CRITICAL
    CVE-2025-40671

    SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint.... Read more

    Affected Products :
    • Published: May. 26, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40664

    Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.... Read more

    Affected Products : gim
    • Published: May. 26, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2019-1291

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-201... Read more

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-1472

    Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote... Read more

    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1465

    SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-... Read more

    Affected Products : joomla\! mambo com_restaurante
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1444

    Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI... Read more

    • Published: Jun. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1434

    Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) s... Read more

    • Published: May. 13, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-1188

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose ... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-1319

    Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a reques... Read more

    Affected Products : versant_object_database
    • Published: Mar. 13, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-1183

    This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required. ... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-1126

    A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-2200

    SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_da... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2019-1151

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then inst... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294713 Results