Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-2472

    A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Sign In. The manipulation of the argument ... Read more

    • Published: Mar. 18, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2471

    A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Affected is an unknown function of the file /boat-details.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the at... Read more

    Affected Products : boat_booking_system
    • Published: Mar. 18, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4502

    A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads to sql injection. The attack can be initiated remote... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.6

    CRITICAL
    CVE-2025-22466

    Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-22465

    Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-22464

    An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-22461

    SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-22459

    Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4503

    A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection. The attack may... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2024-42179

    HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 12, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-42175

    HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2024-42174

    HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-42173

    HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-42172

    HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or sof... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2024-42171

    HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2024-42170

    HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2024-42169

    HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2024-42168

    HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4504

    A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to ... Read more

    Affected Products : online_college_library_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-42180

    HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute maliciou... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 12, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291779 Results