Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-2062

    A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible t... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2022-32177

    In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low... Read more

    Affected Products : gin-vue-admin
    • EPSS Score: %0.19
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2025-2063

    A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql inj... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2064

    A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads ... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2065

    A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agent_id leads to sql injection. It is possible t... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2066

    A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. The at... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2067

    A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. The attack may be ... Read more

    Affected Products : life_insurance_management_system
    • Published: Mar. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-9638

    The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : category_posts_widget
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-48245

    Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action N... Read more

    Affected Products : vehicle_management_system
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-7277

    A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to... Read more

    • Published: Jul. 31, 2024
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2024-7276

    A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql ... Read more

    • Published: Jul. 30, 2024
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2024-7278

    A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initi... Read more

    • Published: Jul. 31, 2024
    • Modified: May. 14, 2025

  • 4.7

    MEDIUM
    CVE-2024-45985

    A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the update_contact.php... Read more

    • Published: Sep. 26, 2024
    • Modified: May. 14, 2025

  • 4.7

    MEDIUM
    CVE-2024-45984

    A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed.... Read more

    • Published: Sep. 26, 2024
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-10151

    The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : auto_iframe
    • Published: Jan. 08, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12585

    The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : propertyhive
    • Published: Jan. 08, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-44587

    itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter.... Read more

    • Published: Sep. 05, 2024
    • Modified: May. 14, 2025

  • 8.2

    HIGH
    CVE-2024-37871

    SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter.... Read more

    • Published: Jul. 09, 2024
    • Modified: May. 14, 2025

  • 4.2

    MEDIUM
    CVE-2024-10815

    The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers... Read more

    Affected Products : postlists
    • Published: Jan. 09, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-37872

    SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.... Read more

    Affected Products : billing_system
    • Published: Jul. 09, 2024
    • Modified: May. 14, 2025
Showing 20 of 291638 Results