Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-47029

    An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6560

    Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.  The affected mo... Read more

    Affected Products : br270n_firmware brc76n_firmware
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-43879

    WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected pr... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6567

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-51978

    An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IP... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-12150

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6819

    A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /php_action/removeBrand.php. The manipulation of the argument brandId leads ... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6820

    A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /php_action/createProduct.php. The manipulation of the argument productName leads to sq... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6823

    A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/editProduct.php. The manipulation of the argument editProductName leads to sql in... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6900

    A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initia... Read more

    Affected Products : library_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2025-7135

    A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_vacancy. The manipulation of the argument ID leads ... Read more

    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7185

    A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-4708

    mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.... Read more

    Affected Products : mypro
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-7436

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_vacancy. The manipulation of the argument ID leads to sql ... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7509

    A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /admin/slide.php. The manipulation of the argument idSlide leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : modern_bag
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7607

    A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/save_order.php. The manipulation of the argument order_price leads to sql inject... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-50756

    Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7360

    The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and ... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-49838

    GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it ... Read more

    Affected Products : gpt-sovits-webui
    • Published: Jul. 15, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-52836

    Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 294513 Results