Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8339

    A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-8131

    A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer over... Read more

    Affected Products : ac20_firmware ac20
    • Published: Jul. 25, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-20183

    A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a maliciou... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2025-8160

    A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is poss... Read more

    Affected Products : ac20_firmware ac20
    • Published: Jul. 25, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8180

    A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file /goform/deleteUserName. The manipulation of the argument old_account leads to buffer overflow. T... Read more

    Affected Products : ch22_firmware ch22
    • Published: Jul. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-0932

    Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including vi... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-8431

    A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be i... Read more

    Affected Products : boat_booking_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-8433

    A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated re... Read more

    Affected Products : document_management_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-8434

    A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch... Read more

    Affected Products : online_movie_streaming
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-8435

    A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing author... Read more

    Affected Products : online_movie_streaming
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8437

    A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the atta... Read more

    Affected Products : kitchen_treasure
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8438

    A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to sql injection. The attack can be initiate... Read more

    Affected Products : wazifa_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8439

    A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to sql injection.... Read more

    Affected Products : wazifa_system
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8441

    A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8442

    A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. The... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8443

    A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be ... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-52279

    Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to versi... Read more

    Affected Products : zeppelin
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8494

    A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql ... Read more

    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-43438

    A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: Aug. 05, 2025

  • 7.2

    HIGH
    CVE-2024-43436

    A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: Aug. 05, 2025
Showing 20 of 293510 Results