Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-2548

    A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation leads to improper access controls. The attack can only be i... Read more

    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-43563

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive d... Read more

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-43564

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive d... Read more

    Affected Products : coldfusion
    • Published: May. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-47096

    Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires us... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2025-49546

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt ... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-30281

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive dat... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-47110

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fiel... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-2546

    A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls... Read more

    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-13030

    A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSett... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Dec. 30, 2024
    • Modified: Jul. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-7461

    A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument proId leads to sql injection. The attack may be launched r... Read more

    Affected Products : modern_bag
    • Published: Jul. 12, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7516

    A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. This vulnerability affects unknown code of the file /cancelbookingpatient.php. The manipulation of the argument appointment leads to sql injection. Th... Read more

    Affected Products : online_appointment_booking_system
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7517

    A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /getDay.php. The manipulation of the argument cidval leads to sql injection. T... Read more

    Affected Products : online_appointment_booking_system
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-7548

    A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer ove... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7549

    A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be ini... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7550

    A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is po... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7551

    A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-base... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7562

    A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /admin/new-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to la... Read more

    Affected Products : online_fire_reporting_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7568

    A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to laun... Read more

    Affected Products : foxcms foxcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7585

    A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /admin/manage-site.php. The manipulation of the argument webtitle leads to sql injection. It is possi... Read more

    Affected Products : online_fire_reporting_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7588

    A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file edit-product.php. The manipulation of the argument productname leads to sql injection. It is possible to in... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
Showing 20 of 291384 Results