Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-6909

    A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-scdetails.php. The manipulation of the argument emeradd leads to ... Read more

    Affected Products : old_age_home_management_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-53258

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2024-1249

    A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the appli... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Apr. 17, 2024
    • Modified: Jul. 08, 2025

  • 8.8

    HIGH
    CVE-2025-6910

    A vulnerability was found in PHPGurukul Student Record System 3.2. It has been classified as critical. This affects an unknown part of the file /session.php. The manipulation of the argument session leads to sql injection. It is possible to initiate the a... Read more

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6911

    A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /manage-subjects.php. The manipulation of the argument del leads to sql injection. The attack can be i... Read more

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-21194

    Microsoft Surface Security Feature Bypass Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6912

    A vulnerability was found in PHPGurukul Student Record System 3.2. It has been rated as critical. This issue affects some unknown processing of the file /manage-students.php. The manipulation of the argument del leads to sql injection. The attack may be i... Read more

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6913

    A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument aemailid leads to sql injection. It is possible to launch the a... Read more

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6914

    A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of the argument fmarks2 leads to sql injection. The attack... Read more

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45931

    An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-46702

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with me... Read more

    Affected Products : mattermost_server
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-47871

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not... Read more

    Affected Products : mattermost_server
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-52895

    Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patch... Read more

    Affected Products : frappe
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-52896

    Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.... Read more

    Affected Products : frappe
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-6437

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of... Read more

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-24778

    Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which... Read more

    Affected Products : streampipes
    • Published: Mar. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-20197

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-20198

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-6459

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate f... Read more

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-6686

    The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied... Read more

    Affected Products : magic_buttons_for_elementor
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293613 Results