Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-48704

    Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-5383

    A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scriptin... Read more

    Affected Products : yifang
    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-5381

    A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal... Read more

    Affected Products : yifang
    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-24736

    Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.... Read more

    Affected Products : post_duplicator
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5376

    A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient.php. The manipulation of the argument itr_no ... Read more

    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5370

    A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack... Read more

    Affected Products : news_portal news_portal_project
    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5369

    A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launc... Read more

    Affected Products : display_username_after_login
    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-3050

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.... Read more

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-2518

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.... Read more

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-49350

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query... Read more

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-31501

    Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.... Read more

    Affected Products : rt request_tracker
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-31500

    Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.... Read more

    Affected Products : rt request_tracker
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-30087

    Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.... Read more

    Affected Products : rt request_tracker
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-36572

    Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vul... Read more

    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-51453

    IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : sterling_secure_proxy
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-38341

    IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : sterling_secure_proxy
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2024-12750

    The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : competition_form
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-24733

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12.... Read more

    Affected Products : post_grid_master
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-3357

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.... Read more

    Affected Products : tivoli_monitoring
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-48734

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. Howev... Read more

    Affected Products : commons_beanutils
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication
Showing 20 of 293408 Results