Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-6959

    A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack ... Read more

    Affected Products : employee_management_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6958

    A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated... Read more

    Affected Products : employee_management_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6957

    A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack... Read more

    Affected Products : employee_management_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6956

    A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    Affected Products : employee_management_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6955

    A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The ... Read more

    Affected Products : employee_management_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6954

    A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The manipulation of the argument ID leads to sql injection. The ... Read more

    Affected Products : employee_management_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-6953

    A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submi... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jul. 01, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-6755

    The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level ... Read more

    Affected Products : game_users_share_button
    • Published: Jun. 28, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-6463

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including... Read more

    Affected Products : forminator forminator_forms
    • Published: Jul. 02, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-6464

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' funct... Read more

    Affected Products : forminator forminator_forms
    • Published: Jul. 02, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-49180

    A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-49179

    A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-49176

    A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-49175

    A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-32073

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32069

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2019-10219

    A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.... Read more

    • Published: Nov. 08, 2019
    • Modified: Jul. 07, 2025

  • 8.4

    HIGH
    CVE-2025-24803

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric c... Read more

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-40091

    Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 7.8

    HIGH
    CVE-2024-49538

    Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows illustrator
    • Published: Dec. 10, 2024
    • Modified: Jul. 07, 2025
Showing 20 of 293980 Results