Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4241

    A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is ... Read more

    • Published: May. 03, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2023-6257

    The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of pa... Read more

    Affected Products : inline_related_posts
    • Published: Apr. 11, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-4242

    A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/between-dates-report.php. The manipulation of the argument fromdate leads to ... Read more

    Affected Products : online_birth_certificate_system
    • Published: May. 03, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4309

    A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injec... Read more

    Affected Products : art_gallery_management_system
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-49334

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49333

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 7.2

    HIGH
    CVE-2024-21791

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49335

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49332

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49331

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-1290

    The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2025-1232

    The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks... Read more

    Affected Products : site_reviews
    • Published: Mar. 19, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-21839

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2024-58237

    In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each ta... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-58100

    In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state dep... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025

  • 0.0

    NA
    CVE-2024-58098

    In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider th... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-45027

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: May. 09, 2025

  • 5.3

    MEDIUM
    CVE-2024-26559

    An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.... Read more

    Affected Products : uverif
    • Published: Feb. 28, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-36677

    Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.... Read more

    Affected Products : obsidian_mind_map
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2023-27151

    openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.... Read more

    Affected Products : opencrx
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025
Showing 20 of 291647 Results