Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-7925

    A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument user_login/userpasswo... Read more

    Affected Products : online_banquet_booking_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7926

    A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting.... Read more

    Affected Products : online_banquet_booking_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-7927

    A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. Th... Read more

    Affected Products : online_banquet_booking_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-7941

    A vulnerability, which was classified as problematic, was found in PHPGurukul Time Table Generator System 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument adminname leads to cross site scripting. It is ... Read more

    Affected Products : time_table_generator_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7942

    A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads ... Read more

    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-7943

    A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to cro... Read more

    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-7944

    A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possibl... Read more

    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.6

    LOW
    CVE-2025-4878

    A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing fa... Read more

    Affected Products : libssh
    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-47187

    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file up... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-24725

    Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.... Read more

    Affected Products : gibbon
    • Published: Mar. 23, 2024
    • Modified: Jul. 29, 2025

  • 7.4

    HIGH
    CVE-2024-25078

    A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB191... Read more

    Affected Products : insydeh2o kernel
    • Published: May. 15, 2024
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2024-11398

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2024-11603

    A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.7

    HIGH
    CVE-2024-11625

    Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 1... Read more

    Affected Products : sitefinity
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2024-11626

    Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.822... Read more

    Affected Products : sitefinity
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-53286

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to ... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2024-53287

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2024-53288

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject ... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-11627

    : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.842... Read more

    Affected Products : sitefinity
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2024-11681

    A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror.... Read more

    Affected Products : macos macports
    • Published: Jan. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Supply Chain
Showing 20 of 292318 Results