Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-8381

    A vulnerability, which was classified as critical, has been found in Campcodes Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /add_reserve.php. The manipulation of the argument room_id leads to sql injection. T... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8382

    A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of the argument room_id leads to sql injection. It is possibl... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2014-7210

    pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.... Read more

    Affected Products : debian_linux pdns
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-52289

    A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requirin... Read more

    Affected Products : magnusbilling
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2014-6274

    git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they... Read more

    Affected Products : git-annex
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-50847

    Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.... Read more

    Affected Products : cs-cart
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-50848

    A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload ... Read more

    Affected Products : cs-cart
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2014-0468

    Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.... Read more

    Affected Products : fusionforge
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-50850

    An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passw... Read more

    Affected Products : cs-cart
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-50867

    A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.... Read more

    Affected Products : cloudclassroom
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2013-1424

    Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.... Read more

    Affected Products : matplotlib
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25691

    A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2024-45955

    Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.... Read more

    Affected Products : zena
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-41431

    When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Techni... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-52490

    An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.... Read more

    Affected Products : sync_gateway
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-22891

    When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software v... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-45346

    SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.... Read more

    Affected Products : bacula-web
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-43018

    Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some... Read more

    Affected Products : piwigo
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-23239

    When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reac... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-51951

    andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : andisearch
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291551 Results