Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8950

    A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack m... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-50164

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-8951

    A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remo... Read more

    Affected Products : teachers_record_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8952

    A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-50166

    Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8954

    A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate ... Read more

    Affected Products : hospital_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-50167

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-8955

    A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely.... Read more

    Affected Products : hospital_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8957

    A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the a... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-53792

    Azure Portal Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_portal
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-53787

    Microsoft 365 Copilot BizChat Information Disclosure Vulnerability... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-53774

    Microsoft 365 Copilot BizChat Information Disclosure Vulnerability... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8960

    A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection. The attack may ... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-53767

    Azure OpenAI Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_open-ai azure_openai
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53771

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Jul. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-53762

    Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : purview office_purview
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-49747

    Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-49746

    Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-47995

    Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2025-47158

    Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_devops
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 291562 Results