Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-11920

    The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access a... Read more

    Affected Products : wpcom_member
    • Published: Nov. 01, 2025
    • Modified: Nov. 01, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-60311

    ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49949

    Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11410

    A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/voters_add.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be executed rem... Read more

    Affected Products : advanced_online_voting_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-60215

    Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54405

    Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to t... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54406

    Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to t... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54403

    Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerab... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11398

    A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The impacted element is an unknown function of the file /profile.php of the component Profile Page. Executing manipulation of the argument image can lead to unrestrict... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-48826

    A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-27060

    Memory corruption while performing SCM call with malformed inputs.... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-40886

    A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potential... Read more

    Affected Products : cmc guardian
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54401

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-11359

    A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attac... Read more

    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11409

    A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the ... Read more

    Affected Products : advanced_online_voting_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11358

    A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit h... Read more

    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54402

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-60211

    Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fie... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-59295

    Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025

  • 8.8

    HIGH
    CVE-2025-54400

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3809 Results