Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-57522

    SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.... Read more

    • Published: Feb. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2024-57523

    Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.... Read more

    • Published: Feb. 06, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2023-51297

    A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-ma... Read more

    Affected Products : hotel_booking_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2023-51298

    PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System O... Read more

    Affected Products : event_booking_calendar
    • Published: Feb. 19, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2023-51299

    PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.... Read more

    Affected Products : hotel_booking_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2023-51300

    PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters.... Read more

    Affected Products : hotel_booking_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 22, 2025

  • 4.4

    MEDIUM
    CVE-2024-20030

    In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:... Read more

    Affected Products : android mt6779 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 mt6739 +10 more products
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-0532

    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible ... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-20029

    In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477406; ... Read more

    Affected Products : android mt6985 mt6989 mt8678 mt8796
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-0535

    A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to init... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-57252

    OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.... Read more

    Affected Products : otcms
    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-0565

    A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The explo... Read more

    Affected Products : zzcms
    • Published: Jan. 19, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-50766

    SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter.... Read more

    • Published: Nov. 07, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2025-3402

    A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql... Read more

    Affected Products : fe_collaborative_office_platform
    • Published: Apr. 08, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2022-46904

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-X... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-46903

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-45997

    Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.... Read more

    Affected Products : w20e_firmware w15e
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-45996

    Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.... Read more

    Affected Products : w20e_firmware w15e
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45980

    Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .... Read more

    Affected Products : ax12_firmware ax12
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-45979

    Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .... Read more

    Affected Products : ax12_firmware ax12
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293631 Results