Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2025-50754

    Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack t... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2013-10051

    A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and ex... Read more

    Affected Products : instantcms
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-46654

    CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.... Read more

    Affected Products : codimd codimd
    • Published: Apr. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13041

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overri... Read more

    Affected Products : gitlab
    • Published: Jan. 09, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2024-20407

    A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Dev... Read more

    Affected Products : firepower_threat_defense
    • Published: Oct. 23, 2024
    • Modified: Aug. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-20515

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data prot... Read more

    Affected Products : identity_services_engine
    • Published: Oct. 02, 2024
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8497

    A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cusfindphar2.php. The manipulation of the argument Search leads to sql injection. The attack... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-20275

    A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-20274

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-ge... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8498

    A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been classified as critical. This affects an unknown part of the file /cart/index.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate t... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8499

    A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cusfindambulence2.php. The manipulation of the argument Search leads to sql injection. The attack ... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8502

    A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. The attack ca... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-20362

    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interf... Read more

    • Published: Apr. 03, 2024
    • Modified: Aug. 05, 2025

  • 7.4

    HIGH
    CVE-2024-20276

    A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traff... Read more

    • Published: Mar. 27, 2024
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8503

    A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. Th... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2024-20322

    A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper ass... Read more

    • Published: Mar. 13, 2024
    • Modified: Aug. 05, 2025

  • 5.4

    MEDIUM
    CVE-2025-8501

    A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting... Read more

    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-8500

    A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injec... Read more

    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-53944

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly va... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Jul. 30, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-20320

    A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affecte... Read more

    Affected Products : ios_xr 8201 8202 8101-32fh 8102-64h 8201-32fh 8804 8808 8812 8818 +48 more products
    • Published: Mar. 13, 2024
    • Modified: Aug. 05, 2025
Showing 20 of 291384 Results