Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2024-3447

    A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to cr... Read more

    Affected Products : qemu hci_compute_node
    • Published: Nov. 14, 2024
    • Modified: Aug. 05, 2025

  • 7.5

    HIGH
    CVE-2024-43426

    A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8466

    A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argument email leads to sql injection. It is possible to lau... Read more

    Affected Products : online_farm_system
    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8467

    A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username leads to sql inje... Read more

    Affected Products : wazifa_system
    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8468

    A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injection. The attack... Read more

    Affected Products : wazifa_system
    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-53893

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading... Read more

    Affected Products : filebrowser
    • Published: Jul. 15, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-7730

    A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds... Read more

    Affected Products : qemu
    • Published: Nov. 14, 2024
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-53826

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even... Read more

    Affected Products : filebrowser
    • Published: Jul. 15, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-8469

    A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. It is possible to i... Read more

    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8470

    A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. The attack can b... Read more

    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-52904

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8471

    A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The attac... Read more

    Affected Products : online_admission_system
    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-52903

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8493

    A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. The a... Read more

    • Published: Aug. 02, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-10397

    A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.... Read more

    Affected Products : openafs
    • Published: Nov. 14, 2024
    • Modified: Aug. 05, 2025

  • 9.1

    CRITICAL
    CVE-2023-20154

    A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain me... Read more

    Affected Products : modeling_labs
    • Published: Nov. 15, 2024
    • Modified: Aug. 05, 2025

  • 5.4

    MEDIUM
    CVE-2025-46732

    OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation... Read more

    Affected Products : opencti
    • Published: Jul. 18, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2023-6604

    A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format ... Read more

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2023-6601

    A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.... Read more

    Affected Products : ffmpeg
    • Published: Jan. 06, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2024-11858

    A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintende... Read more

    Affected Products : radare2
    • Published: Dec. 15, 2024
    • Modified: Aug. 05, 2025
Showing 20 of 291562 Results