Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-2512

    The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthentica...

    Affected Products : file_away
    • Published: Mar. 19, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2025-26530

    The question bank filter required additional sanitizing to prevent a reflected XSS risk.

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-53606

    Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

    Affected Products : seata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2025-24936

    The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. A...

    Affected Products : wavesuite_noc
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 9.0

    CRITICAL
    CVE-2025-24937

    File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound t...

    Affected Products : wavesuite_noc
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal
  • 8.4

    HIGH
    CVE-2025-24938

    The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential to execute commands on the operating system under ...

    Affected Products : wavesuite_noc
    • Published: Jul. 21, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-50468

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-50467

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2025-50466

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-50465

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2025-54397

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-54396

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-54395

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-54394

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2025-54393

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-54392

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.

    Affected Products : directory_manager
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2023-41532

    Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2023-41531

    Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-41530

    Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2023-41529

    Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291647 Results