Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-36039

    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,... Read more

    Affected Products : aspera_faspex
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-20185

    A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate p... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-8336

    A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. The a... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-36040

    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.... Read more

    Affected Products : aspera_faspex
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8338

    A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. The attack may be... Read more

    Affected Products : online_admission_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-36563

    Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41391

    Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-41396

    A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-50866

    CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context ... Read more

    Affected Products : cloudclassroom
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-8426

    Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affecte... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-5921

    The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.... Read more

    Affected Products : sureforms
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8436

    A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injection. The attack ma... Read more

    Affected Products : online_admission_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-20392

    A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input vali... Read more

    • Published: May. 15, 2024
    • Modified: Aug. 06, 2025

  • 8.6

    HIGH
    CVE-2025-46359

    A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 8.0

    HIGH
    CVE-2025-54752

    Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-54757

    Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8378

    A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-8379

    A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to i... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-42651

    NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.... Read more

    Affected Products : nanomq
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-8380

    A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument Name leads to cross site scripting. Th... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291551 Results