Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-11443

    A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes information exposure through discrepancy. It is possible ... Read more

    Affected Products : opnform
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-34231

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/consol... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-34230

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-34229

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-11469

    A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/save_customer.php. Executing manipulation of the argument Contact can lead to sql injection. The attack ... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11475

    A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Executing manipulation of the argument user_id can lead to sql injection. The attack... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11476

    A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username leads to sql injection. The attack may be initiated remotely. The exploi... Read more

    Affected Products : simple_e-commerce_bookstore
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11477

    A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User results in sql injection. The attack may be launched re... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11478

    A weakness has been identified in SourceCodester Farm Management System 1.0. This issue affects some unknown processing of the file /myCart.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The... Read more

    Affected Products : farm_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-61183

    Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php... Read more

    Affected Products : vaahcms
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-11479

    A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of the argument number leads to sql injection. The attack can be... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11480

    A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument register_username results in sql injection. The attack is possib... Read more

    Affected Products : simple_e-commerce_bookstore
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-60313

    Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting (XSS) in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary code.... Read more

    Affected Products : link_status_checker
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60318

    SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields.... Read more

    Affected Products : pet_grooming_management_software
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-11481

    A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donate_blood.php. Executing manipulation of the argument fullname c... Read more

    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-11485

    A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site sc... Read more

    Affected Products : student_grades_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-11487

    A security flaw has been discovered in SourceCodester Farm Management System 1.0. Affected by this issue is some unknown functionality of the file /uploadProduct.php. Performing manipulation of the argument Type results in sql injection. The attack may be... Read more

    Affected Products : farm_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-61788

    Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodi... Read more

    Affected Products : opencast
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-61906

    Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accide... Read more

    Affected Products : opencast
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-27053

    Memory corruption during PlayReady APP usecase while processing TA commands.... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3968 Results