Latest CVE Feed
-
7.5
HIGH CVE-2024-21007
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
- Affected Products: weblogic_server
- Published: Apr. 16, 2024
- Modified: May. 21, 2025
-
5.3
MEDIUM CVE-2024-21117
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to t...
- Affected Products: outside_in_technology
- Published: Apr. 16, 2024
- Modified: May. 21, 2025
-
5.3
MEDIUM CVE-2024-21120
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to t...
- Affected Products: outside_in_technology
- Published: Apr. 16, 2024
- Modified: May. 21, 2025
-
8.8
HIGH CVE-2024-21067
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logo...
- Affected Products: enterprise_manager_base_platform
- Published: Apr. 16, 2024
- Modified: May. 21, 2025
-
9.8
CRITICAL CVE-2025-4864
A vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/finished.php. The manipulation of the argument ID leads to SQL injection. The attack can...
- Affected Products: restaurant_management_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-4865
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/member_save.php. The manipulation of the argument last leads to SQL injection. The attack ...
- Affected Products: restaurant_management_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-4870
A vulnerability classified as critical was found in itsourcecode Restaurant Management System 1.0. This vulnerability affects unknown code of the file /admin/menu_save.php. The manipulation of the argument menu leads to SQL injection. The attack can be in...
- Affected Products: restaurant_management_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-4875
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack can be...
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-4881
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user_save.php. The manipulation of the argument username/name leads to SQL injec...
- Affected Products: restaurant_management_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-4882
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_update.php. The manipulation of the argument team leads to SQL injection. It is possible t...
- Affected Products: restaurant_management_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
8.6
HIGH CVE-2025-4883
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/def...
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-4890
A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer over...
- Affected Products: tourism_management_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2025-4895
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads to SQL injectio...
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
5.5
MEDIUM CVE-2025-4898
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the ar...
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICAL CVE-2025-4899
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_update.php. The manipulation of the argument ID leads to SQL injection. The att...
- Affected Products: sales_and_inventory_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-4900
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/payment.php. The manipulation of the argument cid leads to SQL injection. It is possible to launch the at...
- Affected Products: sales_and_inventory_system
- Published: May. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
8.0
HIGH CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request....
- Affected Products: tianti
- Published: Mar. 10, 2025
- Modified: May. 21, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUM CVE-2024-13853
The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
- Affected Products: seo_tools
- Published: Mar. 11, 2025
- Modified: May. 21, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGH CVE-2024-13862
The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h...
- Affected Products: s3bubble-amazon-web-services-oembed-media-streaming-support
- Published: Mar. 11, 2025
- Modified: May. 21, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUM CVE-2025-0629
The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html c...
- Affected Products: coronavirus_(covid-19)_notice_message
- Published: Mar. 11, 2025
- Modified: May. 21, 2025
- Vuln Type: Cross-Site Scripting