Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-46188

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46189

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-13128

    The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : learnpress
    • Published: May. 15, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-46191

    Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-46190

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46193

    SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-46192

    SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.... Read more

    Affected Products : client_database_management_system
    • Published: May. 09, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-47280

    Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email... Read more

    Affected Products : umbraco_forms
    • Published: May. 13, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4658

    Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also appl... Read more

    Affected Products : opkssh openpubkey
    • Published: May. 13, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-27197

    Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op... Read more

    Affected Products : lightroom
    • Published: May. 13, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-30324

    Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac... Read more

    Affected Products : macos windows photoshop
    • Published: May. 13, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-30325

    Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in ... Read more

    Affected Products : macos windows photoshop
    • Published: May. 13, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-4544

    A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/d... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: May. 11, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-4858

    A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the a... Read more

    Affected Products : dap-2695_firmware dap-2695
    • Published: May. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-4859

    A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argumen... Read more

    Affected Products : dap-2695_firmware dap-2695
    • Published: May. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-0810

    Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.07
    • Published: Jan. 24, 2024
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2024-0804

    Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.11
    • Published: Jan. 24, 2024
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2024-0755

    Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    • EPSS Score: %0.53
    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 6.5

    MEDIUM
    CVE-2024-0754

    Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.... Read more

    Affected Products : firefox
    • EPSS Score: %0.19
    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-0749

    A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.... Read more

    • EPSS Score: %0.23
    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025
Showing 20 of 292758 Results