Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-15077

    A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotel... Read more

    Affected Products : student_management_system
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15076

    A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could... Read more

    Affected Products : ch22_firmware
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-66443

    Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66379

    Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-15078

    A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The ex... Read more

    Affected Products : student_management_system
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-48704

    Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66377

    Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes ... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-67015

    Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-57403

    Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory travers... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-15109

    A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to i... Read more

    Affected Products :
    • Published: Dec. 27, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-15127

    A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId l... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15140

    A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13721

    Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-15165

    A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiate... Read more

    Affected Products : online_cake_ordering_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15166

    A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The... Read more

    Affected Products : online_cake_ordering_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15181

    A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote ... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15182

    A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely.... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15184

    A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. ... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15185

    A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiat... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15186

    A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch t... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection
Showing 20 of 5214 Results