Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.1

    MEDIUM
    CVE-2024-8694

    A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument...

    Affected Products : jfinalcms
    • Published: Sep. 11, 2024
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-5379

    A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be in...

    Affected Products : jfinalcms
    • Published: May. 26, 2024
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-5310

    A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remo...

    Affected Products : jfinalcms
    • Published: May. 24, 2024
    • Modified: Jun. 05, 2025
  • 8.8

    HIGH
    CVE-2024-3431

    A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to dese...

    Affected Products : eyoucms
    • Published: Apr. 07, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-2014

    A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated rem...

    Affected Products : panalog
    • Published: Mar. 21, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2025-1840

    A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql...

    Affected Products : cdg
    • Published: Mar. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-1812

    A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to la...

    Affected Products : zz
    • Published: Mar. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-13194

    A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched...

    Affected Products : sucms
    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2024-13192

    A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is pos...

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2024-12842

    A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiat...

    Affected Products : emlog
    • Published: Dec. 20, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2025-4937

    A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads...

    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-4936

    A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to...

    Affected Products : online_food_ordering_system
    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-4894

    A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encry...

    Affected Products : django-sso-server
    • Published: May. 18, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cryptography
  • 9.8

    CRITICAL
    CVE-2025-4780

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. ...

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-4770

    A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql inje...

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-3587

    A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The ...

    Affected Products : studentmanager studentmanager
    • Published: Apr. 14, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization
  • 6.9

    MEDIUM
    CVE-2025-3537

    A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is ...

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization
  • 6.9

    MEDIUM
    CVE-2025-3536

    A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper author...

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-47616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Imran aBlocks allows Stored XSS. This issue affects aBlocks: from n/a through 1.9.2....

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2024-24488

    An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component....

    Affected Products : cp3_firmware cp3
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292837 Results