Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-45011

    A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-45015

    A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-45017

    A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45018

    A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45019

    A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-45021

    A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.... Read more

    Affected Products : directory_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4174

    A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql inje... Read more

    Affected Products : covid19_testing_management_system
    • Published: May. 01, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4176

    A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation of the argument searchdata leads to... Read more

    • Published: May. 01, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4241

    A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is ... Read more

    • Published: May. 03, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2023-6257

    The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of pa... Read more

    Affected Products : inline_related_posts
    • Published: Apr. 11, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-4242

    A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/between-dates-report.php. The manipulation of the argument fromdate leads to ... Read more

    Affected Products : online_birth_certificate_system
    • Published: May. 03, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4309

    A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injec... Read more

    Affected Products : art_gallery_management_system
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-49334

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49333

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 7.2

    HIGH
    CVE-2024-21791

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49335

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49332

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49331

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-1290

    The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2025-1232

    The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks... Read more

    Affected Products : site_reviews
    • Published: Mar. 19, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291712 Results