Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4074

    A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate... Read more

    Affected Products : curfew_e-pass_management_system
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-3471

    The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action... Read more

    Affected Products : sureforms
    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-45007

    A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request param... Read more

    Affected Products : time_table_generator_system
    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-45020

    A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST re... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-45009

    A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-45010

    A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-45011

    A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-45015

    A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-45017

    A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45018

    A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45019

    A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-45021

    A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.... Read more

    Affected Products : directory_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4174

    A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql inje... Read more

    Affected Products : covid19_testing_management_system
    • Published: May. 01, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4176

    A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation of the argument searchdata leads to... Read more

    • Published: May. 01, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4241

    A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is ... Read more

    • Published: May. 03, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2023-6257

    The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of pa... Read more

    Affected Products : inline_related_posts
    • Published: Apr. 11, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-4242

    A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/between-dates-report.php. The manipulation of the argument fromdate leads to ... Read more

    Affected Products : online_birth_certificate_system
    • Published: May. 03, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4309

    A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injec... Read more

    Affected Products : art_gallery_management_system
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-49334

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49333

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025
Showing 20 of 291659 Results