Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-0637

    It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for oth...

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-0357

    The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenti...

    Affected Products : wpbookit wpbookit
    • Published: Jan. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-57052

    An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file....

    Affected Products : youdiancms
    • Published: Jan. 27, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-0872

    A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id/amount/desc/inccat leads to sql injection. It is possib...

    Affected Products : tailoring_management_system
    • Published: Jan. 30, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-53356

    Weak JWT Secret vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret pose...

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-48445

    An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters....

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2020-36084

    SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field....

    Affected Products : responsive_e-learning_system
    • Published: Feb. 05, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1066

    OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns....

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-57707

    An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components....

    Affected Products : dataease
    • Published: Feb. 07, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-0316

    The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possib...

    Affected Products :
    • Published: Feb. 08, 2025
    • Modified: Feb. 08, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-1167

    A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Affected by this issue is some unknown functionality of the file /hr_soft/admin/Update_User.php. The manipulation of the argument id leads to s...

    Affected Products : employee_management_system
    • Published: Feb. 11, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57604

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component....

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-4282

    Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22....

    Affected Products : brocade_sannav
    • Published: Feb. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-12562

    The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthentica...

    Affected Products : s2member
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1387

    Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user....

    Affected Products : orca_hcm
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2023-46271

    Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default....

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-24989

    An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected...

    Affected Products : power_pages
    • Actively Exploited
    • Published: Feb. 19, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-57401

    SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function....

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-25676

    Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function....

    Affected Products : i12 i12_firmware
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-26966

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5....

    Affected Products : privatecontent
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication
Showing 20 of 292733 Results