Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4345

    A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability onl... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4344

    A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulner... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-30290

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Path Traversal

  • 8.0

    HIGH
    CVE-2025-32956

    ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current n... Read more

    Affected Products : managewiki
    • Published: Apr. 21, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25351

    PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.... Read more

    Affected Products : daily_expense_tracker_system
    • Published: Feb. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-0427

    Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access t... Read more

    • Published: May. 02, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0072

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. ... Read more

    • Published: May. 02, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-25301

    Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.... Read more

    Affected Products : redaxo
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-25224

    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.... Read more

    Affected Products : simple_admin_panel
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25223

    Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.... Read more

    Affected Products : simple_admin_panel
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2024-21683

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitra... Read more

    • Published: May. 21, 2024
    • Modified: May. 12, 2025

  • 7.8

    HIGH
    CVE-2023-22514

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/... Read more

    Affected Products : sourcetree
    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-22512

    This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its in... Read more

    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025

  • 6.1

    MEDIUM
    CVE-2024-25221

    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.... Read more

    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25220

    Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.... Read more

    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 7.2

    HIGH
    CVE-2024-25213

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.... Read more

    Affected Products : employee_management_system
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25211

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.... Read more

    Affected Products : simple_expense_tracker_app
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25210

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.... Read more

    Affected Products : simple_expense_tracker_app
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25209

    Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.... Read more

    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-25207

    Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary ... Read more

    Affected Products : barangay_management_system
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025
Showing 20 of 292792 Results