Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2012-6426

    LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

    Affected Products : lemonldap
    • EPSS Score: 0.25%
    • Published: Jan. 01, 2013
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2019-15941

    OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration ...

    Affected Products : debian_linux lemonldap
    • EPSS Score: 0.55%
    • Published: Sep. 25, 2019
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2019-12046

    LemonLDAP::NG -2.0.3 has Incorrect Access Control.

    Affected Products : debian_linux lemonldap
    • EPSS Score: 1.74%
    • Published: May. 22, 2019
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2025-1162

    A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql injection. It is possible to initi...

    Affected Products : job_recruitment
    • Published: Feb. 10, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-2061

    A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. ...

    Affected Products : online_ticket_reservation_system
    • Published: Mar. 07, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-0961

    A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name...

    Affected Products : job_recruitment
    • Published: Feb. 01, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-1846

    A vulnerability was found in zj1983 zz up to 2024-8. It has been declared as problematic. This vulnerability affects the function deleteLocalFile of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.java of the component File Handler. The manip...

    Affected Products : zz
    • Published: Mar. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2022-38956

    An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1...

    Affected Products : wpn824ext_firmware wpn824ext
    • EPSS Score: 0.15%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-37205

    JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

    Affected Products : jfinal_cms
    • EPSS Score: 0.46%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2025-0300

    A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be laun...

    Affected Products : online_book_shop
    • Published: Jan. 07, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1845

    A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack ...

    Affected Products : dsm
    • Published: Mar. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1844

    A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injecti...

    Affected Products : cdg
    • Published: Mar. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-0348

    A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripti...

    Affected Products : deped_equipment_inventory_system
    • Published: Jan. 09, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-4815

    A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. Th...

    Affected Products : sales_and_inventory_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2024-41550

    CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= .

    Affected Products : supplier_management_system
    • Published: Jul. 24, 2024
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-1841

    A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is pos...

    Affected Products : cdg
    • Published: Mar. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-51138

    Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earl...

    • Published: Feb. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-51139

    Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 ...

    • Published: Feb. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-25711

    diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

    Affected Products : fedora diffoscope
    • Published: Feb. 27, 2024
    • Modified: May. 28, 2025
  • 6.5

    MEDIUM
    CVE-2023-6512

    Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: 0.31%
    • Published: Dec. 06, 2023
    • Modified: May. 28, 2025