Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-46176

    Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.... Read more

    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2024-51102

    PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.... Read more

    Affected Products : student_management_system
    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-51103

    PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.... Read more

    Affected Products : student_management_system
    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-51099

    A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via i... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5184

    A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information di... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-5183

    A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open ... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-5182

    A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. This vulnerability affects unknown code of the component Listing Handler. The manipulation leads to authorization bypass. The ... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-5181

    A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cros... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-5180

    A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads t... Read more

    Affected Products : windows filmora
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-5179

    A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipula... Read more

    Affected Products : queue_ticket_kiosk
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5178

    A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files[] leads to ... Read more

    Affected Products : queue_ticket_kiosk
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-5177

    A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument U... Read more

    Affected Products : queue_ticket_kiosk
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025

  • 9.1

    CRITICAL
    CVE-2025-5176

    A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been declared as critical. This vulnerability affects unknown code of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuá... Read more

    Affected Products : queue_ticket_kiosk
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-5175

    A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The expl... Read more

    Affected Products : pypickle
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-5174

    A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this at... Read more

    Affected Products : pypickle
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025

  • 7.8

    HIGH
    CVE-2025-5173

    A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/exa... Read more

    Affected Products : label_studio_ml_backend
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-41441

    Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature.... Read more

    Affected Products : mailform_pro_cgi mailform_pro_cgi
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-5172

    A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. T... Read more

    Affected Products : econtrata
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-31582

    FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 17, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-5171

    A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument ... Read more

    Affected Products : mta_maita_training_system
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292508 Results