Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4936

    A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to... Read more

    Affected Products : online_food_ordering_system
    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-4894

    A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encry... Read more

    Affected Products : django-sso-server
    • Published: May. 18, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-4780

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. ... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4770

    A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql inje... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3587

    A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The ... Read more

    Affected Products : studentmanager studentmanager
    • Published: Apr. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3537

    A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is ... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3536

    A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper author... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-47616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Imran aBlocks allows Stored XSS.This issue affects aBlocks: from n/a through 1.9.2.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-24488

    An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.... Read more

    Affected Products : cp3_firmware cp3
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 7.2

    HIGH
    CVE-2024-24399

    An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.... Read more

    Affected Products : leptoncms
    • Published: Jan. 25, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-24388

    Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.... Read more

    Affected Products : xunruicms
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-24311

    Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.... Read more

    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-24266

    gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.... Read more

    Affected Products : gpac
    • Published: Feb. 05, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-24258

    freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.... Read more

    Affected Products : mupdf
    • Published: Feb. 05, 2024
    • Modified: Jun. 05, 2025

  • 4.2

    MEDIUM
    CVE-2024-24254

    PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofenc... Read more

    Affected Products : px4_drone_autopilot
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-24135

    Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.... Read more

    • Published: Jan. 29, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-24131

    SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.... Read more

    Affected Products : superwebmailer
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-24019

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-24014

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-22027

    Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.... Read more

    Affected Products : quiz_maker
    • Published: Jan. 12, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292768 Results