Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-27520

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It all... Read more

    Affected Products : bentoml
    • Published: Apr. 04, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-40629

    SQLi vulnerability in LMS Lite component for Joomla.... Read more

    Affected Products : lms_king_lite
    • EPSS Score: %0.73
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40630

    Unauthenticated LFI/SSRF in JCDashboards component for Joomla.... Read more

    Affected Products : jcdashboard
    • EPSS Score: %0.28
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-3352

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php. The manipulation of the argument contnum leads to sql inject... Read more

    Affected Products : old_age_home_management_system
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3371

    A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotel... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 07, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3376

    A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component CONF Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The expl... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 07, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3378

    A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit ha... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 07, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3400

    A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possibl... Read more

    Affected Products : cdg
    • Published: Apr. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-32577

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23.... Read more

    Affected Products : build_app_online
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-3690

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack m... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3724

    A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exp... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 16, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-28009

    A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20.... Read more

    Affected Products : dietiqa
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-53591

    An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.... Read more

    Affected Products : seclore
    • Published: Apr. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3819

    A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata lead... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 19, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3827

    A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The att... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3830

    A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argumen... Read more

    Affected Products : kuangsimplebbs
    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-3841

    A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument... Read more

    Affected Products : jam
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-49707

    SQLi vulnerability in S5 Register module for Joomla.... Read more

    Affected Products : s5_register
    • EPSS Score: %0.73
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-2907

    The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. ... Read more

    • Published: Apr. 26, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-3956

    A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manip... Read more

    Affected Products : novel-cloud
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection
Showing 20 of 292737 Results