Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-2663

    A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument searchinput lead... Read more

    Affected Products : bank_locker_management_system
    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-2664

    A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. The attack may be... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4311

    A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of the argument stopic_id leads to sql inje... Read more

    Affected Products : content_management_system
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2024-13124

    The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : photo_gallery
    • Published: Mar. 24, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4298

    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. ... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4299

    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. Th... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44074

    SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.... Read more

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44072

    SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.... Read more

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44071

    SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.... Read more

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-2665

    A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sq... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57099

    ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the se... Read more

    Affected Products : classcms classcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-0915

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated mem... Read more

    Affected Products : db2
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-1000

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic cli... Read more

    Affected Products : db2
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-57450

    ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-57452

    ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Feb. 03, 2025
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-49641

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database.... Read more

    Affected Products : billing_system
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 4.4

    MEDIUM
    CVE-2025-26662

    The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2025-42997

    Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-30011

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-30018

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vul... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: XML External Entity
Showing 20 of 291659 Results