Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9786

    A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9788

    A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing manipulation of the argument id_no can lead to sql inject... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9789

    A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be i... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9790

    A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. Th... Read more

    Affected Products : hotel_reservation_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9792

    A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid leads to sql injection. The attack can be... Read more

    Affected Products : apartment_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9793

    A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the argument ddlBranch results in sql injection. The ... Read more

    Affected Products : apartment_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9794

    A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The att... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-58161

    MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "... Read more

    Affected Products : mobile_security_framework
    • Published: Sep. 02, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-58162

    MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in... Read more

    Affected Products : mobile_security_framework
    • Published: Sep. 02, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9811

    A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql injection. The attack is possible to be carried out remotely. The e... Read more

    Affected Products : farm_management_system
    • Published: Sep. 02, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9814

    A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in sql injection. It is possible to launch the at... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Sep. 02, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-9809

    Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-si... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-32832

    Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects Login with phone number: from n/a through 1.6.93.... Read more

    Affected Products : login_with_phone_number
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-31100

    Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025).... Read more

    Affected Products :
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-7405

    Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, ... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-7731

    Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read ... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-44017

    "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-6507

    A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The... Read more

    Affected Products : h2o
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2022-38694

    In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-9797

    A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
Showing 20 of 4253 Results