Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-31424

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-47608

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-48141

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-48281

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40655

    A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2008-0747

    Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.... Read more

    Affected Products : jetaudio_basic
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-49467

    A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-48757

    An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual custo... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-48951

    Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, ... Read more

    Affected Products : auth0
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2008-0715

    Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009.... Read more

    Affected Products : photo_manager
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-5192

    A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2007-3316

    Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora fi... Read more

    Affected Products : vlc_media_player
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-19604

    Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicio... Read more

    Affected Products : fedora debian_linux leap git
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-24665

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n... Read more

    Affected Products : small_package_quotes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-24800

    Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-24480

    A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-23215

    PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its pa... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Cryptography

  • 9.3

    HIGH
    CVE-2008-0632

    Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root direct... Read more

    Affected Products : lightblog
    • Published: Feb. 06, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1335

    The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different ... Read more

    Affected Products : netbsd netbsd_current
    • Published: Mar. 13, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-43649

    Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection
Showing 20 of 294714 Results