Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-9027

    A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to SQL injection. The attack can be initiated remotely. The explo...

    Affected Products : online_medicine_guide
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9028

    A vulnerability was found in code-projects Online Medicine Guide 1.0. This issue affects some unknown processing of the file /adphar.php. The manipulation of the argument phuname leads to SQL injection. The attack may be initiated remotely. The exploit ha...

    Affected Products : online_medicine_guide
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9021

    A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to SQL injection. The attack can be initiated re...

    Affected Products : online_bank_management_system
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 7.8

    HIGH
    CVE-2024-27244

    Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access....

    • Published: May. 15, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9022

    A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to SQL injection. The attack may be initiat...

    Affected Products : online_bank_management_system
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9024

    A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to SQL injection. The attack can be ...

    Affected Products : beauty_parlour_management_system
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 5.4

    MEDIUM
    CVE-2024-5383

    A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross-site scripting. It is possible to initiate the ...

    Affected Products : easyadmin
    • Published: May. 26, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2025-9025

    A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely....

    Affected Products : simple_cafe_ordering_system
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 6.9

    MEDIUM
    CVE-2025-54364

    Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracki...

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
  • 6.9

    MEDIUM
    CVE-2025-54363

    Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastr...

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
  • 7.0

    HIGH
    CVE-2025-45767

    jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication....

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 21, 2025
  • 7.1

    HIGH
    CVE-2025-2503

    An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user....

    Affected Products : pc_manager
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-6004

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted....

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-5210

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted....

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-5209

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted....

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-4782

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs....

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-4781

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted....

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2023-6603

    A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization....

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Aug. 21, 2025
  • 4.8

    MEDIUM
    CVE-2023-38533

    A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the updat...

    Affected Products : tia_administrator
    • Published: Jun. 11, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-37905

    authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin acce...

    Affected Products : authentik
    • Published: Jun. 28, 2024
    • Modified: Aug. 21, 2025