Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2024-5385

    A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with... Read more

    Affected Products : online_car_wash_booking_system
    • Published: May. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2025-7546

    A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the... Read more

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2025-7545

    A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement.... Read more

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-5778

    A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /admin. The manipulation of the argument Username leads to sql injection. It is possible to launch... Read more

    Affected Products : abc_courier_management_system
    • Published: Jun. 06, 2025
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2025-7755

    A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The ... Read more

    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 4.9

    MEDIUM
    CVE-2024-7259

    A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.... Read more

    Affected Products : virtualization ovirt-engine
    • Published: Sep. 26, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2025-7756

    A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclo... Read more

    Affected Products : e-commerce_site
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-7757

    A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injection. The attack ca... Read more

    Affected Products : land_record_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-7948

    A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remot... Read more

    Affected Products : jsherp
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025

  • 8.1

    HIGH
    CVE-2025-7947

    A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to la... Read more

    Affected Products : jsherp
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2024-9855

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the compone... Read more

    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 5.1

    MEDIUM
    CVE-2024-9856

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright l... Read more

    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-8755

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    Affected Products : loadmaster loadmaster
    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 8.9

    HIGH
    CVE-2024-8912

    An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerab... Read more

    Affected Products : looker cloud_looker
    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2024-9903

    A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possi... Read more

    • Published: Oct. 12, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2025-4948

    A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart me... Read more

    • Published: May. 19, 2025
    • Modified: Jul. 30, 2025

  • 7.3

    HIGH
    CVE-2025-48797

    A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a ... Read more

    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025

  • 7.3

    HIGH
    CVE-2025-48796

    A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrar... Read more

    Affected Products : gimp
    • Published: May. 27, 2025
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2024-9904

    A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted uplo... Read more

    • Published: Oct. 13, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2024-1728

    gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SS... Read more

    Affected Products : gradio
    • Published: Apr. 10, 2024
    • Modified: Jul. 30, 2025
Showing 20 of 291005 Results