Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2023-41216

    D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentica... Read more

    Affected Products : dir-3040_firmware dir-3040
    • Published: May. 03, 2024
    • Modified: May. 15, 2025

  • 6.8

    MEDIUM
    CVE-2023-41222

    D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication i... Read more

    Affected Products : dir-3040_firmware dir-3040
    • Published: May. 03, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2023-5677

    Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with... Read more

    • EPSS Score: %0.12
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-46076

    RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.... Read more

    Affected Products : ruoyi
    • Published: Oct. 07, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-4467

    A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument id/txtfullname/txtemail/cmddesig... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4358

    A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname/mobilenumber leads to sql injection. It i... Read more

    Affected Products : company_visitor_management_system
    • Published: May. 06, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-10969

    A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument u... Read more

    Affected Products : bookstore_management_system
    • Published: Nov. 07, 2024
    • Modified: May. 15, 2025

  • 5.9

    MEDIUM
    CVE-2024-8447

    A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or han... Read more

    Affected Products : undertow
    • Published: Jan. 02, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-2651

    A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possibl... Read more

    Affected Products : online_eyewear_shop
    • Published: Mar. 23, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-2602

    A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php. The manipulation of the argument ID leads to sql injecti... Read more

    Affected Products : advocate_office_management_system
    • Published: Mar. 21, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2601

    A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The manipulation of the argument ID leads to sql injection. It is ... Read more

    Affected Products : advocate_office_management_system
    • Published: Mar. 21, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-2377

    A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scriptin... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1607

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authori... Read more

    Affected Products : best_employee_management_system
    • Published: Feb. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-1587

    A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonen... Read more

    Affected Products : telecom_billing_management_system
    • Published: Feb. 23, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-42154

    An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : 74cmsse
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-42149

    kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.... Read more

    Affected Products : kkfileview
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2022-42147

    kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.... Read more

    Affected Products : kkfileview
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-42143

    Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-42142

    Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 8.8

    HIGH
    CVE-2022-42029

    Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.... Read more

    Affected Products : chamilo_lms chamilo
    • EPSS Score: %0.21
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025
Showing 20 of 291659 Results