Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4237

    A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. ... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 03, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2015-8031

    Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.... Read more

    Affected Products : hudson
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4264

    A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possib... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2014-125040

    A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sq... Read more

    Affected Products : devnewsaggregator
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-57232

    NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.... Read more

    Affected Products : rax50_firmware rax50
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-43843

    Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7 and f0method8 take user input and pass it into the extract_f0_feature functi... Read more

    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4312

    A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0. This issue affects some unknown processing of the file /productdetail.php. The manipulation of the argument prodid leads to sql injection. The atta... Read more

    Affected Products : advanced_web_store
    • Published: May. 06, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-34767

    Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability – the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. Does not validate the user's identity and can be accessed pu... Read more

    Affected Products : all-wr0500ac_firmware all-wr0500ac
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4332

    A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid/remark leads to sql inj... Read more

    Affected Products : company_visitor_management_system
    • Published: May. 06, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-34983

    The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.... Read more

    Affected Products : scu-captcha
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20143

    A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may... Read more

    Affected Products : movie_portal_script
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125041

    A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch... Read more

    Affected Products : progetto-complementi
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34500

    The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.... Read more

    Affected Products : pypi
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4355

    A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remo... Read more

    Affected Products : dap-1520_firmware dap-1520
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4358

    A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname/mobilenumber leads to sql injection. It i... Read more

    Affected Products : company_visitor_management_system
    • Published: May. 06, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-36450

    Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.... Read more

    Affected Products : obsidian
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23451

    The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.... Read more

    Affected Products : otp-generator
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-44073

    SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.... Read more

    Affected Products : seacms
    • Published: May. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3844

    The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes it po... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32403

    An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.... Read more

    Affected Products : p-net
    • Published: May. 07, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293620 Results