Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-0409

    A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0408

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosNa... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0407

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation o... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0406

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0405

    A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0490

    A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack ma... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0489

    A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated re... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0488

    A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. ... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2024-10638

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-13095

    The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : wp_triggers_lite
    • Published: Jan. 27, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-0365

    The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators.... Read more

    Affected Products : fancy_product_designer
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-5174

    If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-st... Read more

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: %0.31
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-42852

    A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.... Read more

    • EPSS Score: %1.83
    • Published: Oct. 25, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-41068

    An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • EPSS Score: %0.02
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-41063

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos ipados
    • EPSS Score: %0.04
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40419

    The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • EPSS Score: %0.02
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2023-40418

    An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app.... Read more

    Affected Products : watchos watch_ultra watch_ultra_2
    • EPSS Score: %0.10
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40125

    In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Oct. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40120

    In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Oct. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40116

    In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User i... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Oct. 27, 2023
    • Modified: May. 05, 2025
Showing 20 of 291219 Results