Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-53495

    Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-31022

    Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU PayU India allows Authentication Abuse.This issue affects PayU India: from n/a before 3.8.8.... Read more

    Affected Products : payu_india_payment_gateway
    • Published: Jun. 09, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-1500

    IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.... Read more

    Affected Products : maximo_application_suite
    • Published: Apr. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-0158

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-0759

    IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Race Condition

  • 9.3

    HIGH
    CVE-2020-1192

    A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-... Read more

    Affected Products : visual_studio_code python
    • EPSS Score: %35.46
    • Published: May. 21, 2020
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2020-1171

    A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2... Read more

    Affected Products : visual_studio_code python
    • EPSS Score: %30.34
    • Published: May. 21, 2020
    • Modified: Jul. 08, 2025

  • 5.9

    MEDIUM
    CVE-2024-38314

    IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.... Read more

    Affected Products : maximo_application_suite
    • Published: Oct. 24, 2024
    • Modified: Jul. 08, 2025

  • 6.3

    MEDIUM
    CVE-2024-22351

    IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-25045

    IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-4128

    Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/t... Read more

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-7180

    A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument User leads to sql injection. The attack may be i... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7181

    A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to laun... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7179

    A vulnerability classified as critical was found in code-projects Library System 1.0. This vulnerability affects unknown code of the file /add-teacher.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remot... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7178

    A vulnerability classified as critical has been found in code-projects Food Distributor Site 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the a... Read more

    Affected Products : food_distributor_site
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-7177

    A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the argument wpid leads to sql inj... Read more

    Affected Products : car_washing_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7176

    A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql inje... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-7175

    A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to ... Read more

    Affected Products : e-commerce_site
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7174

    A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /teacher-issue-book.php. The manipulation of the argument idn leads to sql injection. The attack may be initia... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7165

    A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injec... Read more

    Affected Products : cyber_cafe_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
Showing 20 of 291878 Results