Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-13162

    SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-... Read more

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-6770

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-6771

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-6970

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter ... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-6975

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and out... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-6976

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escapi... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.4

    HIGH
    CVE-2025-6995

    Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cryptography
  • 8.4

    HIGH
    CVE-2025-6996

    Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cryptography
  • 7.2

    HIGH
    CVE-2025-7037

    SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-7186

    A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated... Read more

    Affected Products : chat_system chat_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 9.0

    CRITICAL
    CVE-2025-49136

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host.... Read more

    Affected Products : listmonk
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-7187

    A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack rem... Read more

    Affected Products : chat_system chat_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-7188

    A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the argument ID leads to sql injection. The attack can be la... Read more

    Affected Products : chat_system chat_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-7210

    A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unre... Read more

    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-7189

    A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipulation of the argument msg leads to sql injection. The a... Read more

    Affected Products : chat_system chat_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-7190

    A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is... Read more

    Affected Products : library_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-7191

    A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be i... Read more

    Affected Products : student_enrollment
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-7196

    A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The attack may be la... Read more

    Affected Products : jonnys_liquor
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-7197

    A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack rem... Read more

    Affected Products : jonnys_liquor
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-7198

    A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : jonnys_liquor
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
Showing 20 of 291513 Results