Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-4080

    A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to sql in... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Apr. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-10173

    It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling X... Read more

    • Published: Jul. 23, 2019
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2025-30202

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM depl... Read more

    Affected Products : vllm
    • Published: Apr. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-2907

    The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. ... Read more

    • Published: Apr. 26, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-3998

    A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated rem... Read more

    Affected Products : membership_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-4021

    A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. It is possible to... Read more

    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4022

    A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["u... Read more

    Affected Products : webarena
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 3.4

    LOW
    CVE-2022-41597

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41595

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 8.8

    HIGH
    CVE-2022-3158

    Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information f... Read more

    Affected Products : factorytalk_vantagepoint
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2025-4023

    A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to sql injection. The attack may... Read more

    Affected Products : placement_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2015-2079

    Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.... Read more

    Affected Products : usermin usermin
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2022-41871

    SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.... Read more

    Affected Products : seppmail
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2024-57439

    An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-57438

    Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-57437

    RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-57436

    RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2024-54762

    Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.... Read more

    Affected Products : ruoyi
    • Published: Jan. 09, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-42900

    Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.... Read more

    Affected Products : ruoyi
    • Published: Aug. 28, 2024
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2024-6511

    A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cros... Read more

    Affected Products : ruoyi
    • Published: Jul. 04, 2024
    • Modified: May. 14, 2025
Showing 20 of 293508 Results