Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-48818

    An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-28916

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26004

    Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2737

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. It is possibl... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29306

    An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.... Read more

    Affected Products : foxcms
    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-49601

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, lead... Read more

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-30372

    Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL d... Read more

    Affected Products : emlog
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-24292

    A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component.... Read more

    Affected Products : software_development_kit
    • Published: Mar. 28, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25579

    TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13804

    Unauthenticated RCE in HPE Insight Cluster Management Utility... Read more

    Affected Products :
    • Published: Mar. 30, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26683

    Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_playwright
    • Published: Mar. 31, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-31095

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2005

    The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticate... Read more

    Affected Products : front_end_users
    • Published: Apr. 02, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-29063

    An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.... Read more

    Affected Products : bl-ac2100_firmware bl-ac2100
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3168

    A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql i... Read more

    Affected Products : time_table_generator_system
    • Published: Apr. 03, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3171

    A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack... Read more

    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-22611

    OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php.... Read more

    Affected Products : openemr
    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3180

    A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the argument ID leads to... Read more

    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3182

    A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is... Read more

    • Published: Apr. 03, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3184

    A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName ... Read more

    • Published: Apr. 03, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection
Showing 20 of 292763 Results