Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-50201

    WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated an... Read more

    Affected Products : wegia
    • Published: Jun. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6607

    A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of the argument ID leads to sql injection. It is possible to la... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-52474

    WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and acce... Read more

    Affected Products : wegia
    • Published: Jun. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-27685

    SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables.... Read more

    Affected Products : student_record_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-4840

    The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : likes_and_dislikes
    • Published: Jun. 10, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4954

    The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server... Read more

    Affected Products : axle_demo_importer
    • Published: Jun. 10, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-24049

    Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-5687

    A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).... Read more

    Affected Products : vpn
    • Published: Jun. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5986

    A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage d... Read more

    Affected Products : thunderbird
    • Published: Jun. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-0823

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary fi... Read more

    Affected Products : cognos_analytics
    • Published: Feb. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-56340

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.... Read more

    Affected Products : cognos_analytics
    • Published: Feb. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2024-49352

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s... Read more

    Affected Products : cognos_analytics
    • Published: Feb. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: XML External Entity

  • 9.0

    CRITICAL
    CVE-2024-51466

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources,... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 20, 2024
    • Modified: Jul. 02, 2025

  • 5.4

    MEDIUM
    CVE-2025-29744

    pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.... Read more

    Affected Products : pg-promise
    • Published: Jun. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-24055

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2024-40695

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload maliciou... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 20, 2024
    • Modified: Jul. 02, 2025

  • 7.8

    HIGH
    CVE-2025-24057

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24050

    Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-44091

    yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.... Read more

    Affected Products : crud
    • Published: Jun. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-24051

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293675 Results