Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-24225

    An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.... Read more

    Affected Products : iphone_os ipados
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-24258

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-44186

    SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.... Read more

    Affected Products : best_employee_management_system
    • Published: May. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-46635

    An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the rou... Read more

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-46634

    Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It ... Read more

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2023-44853

    \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.... Read more

    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025

  • 8.2

    HIGH
    CVE-2025-46633

    Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. T... Read more

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-46632

    Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.... Read more

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-4724

    A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql inje... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4723

    A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. The ... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4722

    A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. It is possible to launch th... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4721

    A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The attack may be init... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2023-44852

    Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file.... Read more

    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2025-4720

    A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path trav... Read more

    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-4716

    A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to s... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4715

    A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/view_application.php. The manipulation of the argument cid leads to sql ... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4714

    A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/reprint.php. The manipulation of the argument sid leads to sql injection. It is possible to launc... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4713

    A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. The manipulation of the argument sid leads to sql injection. The attack may be initi... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4712

    A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/account_summary.php. The manipulation of the argument cid leads to sql injection. The attack ... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4711

    A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stockin_add.php. The manipulation of the argument prod_name leads to sql injection. It is possible to... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
Showing 20 of 292837 Results