Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-6346

    A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is po... Read more

    Affected Products : advance_charity_management_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-44203

    In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, ... Read more

    Affected Products : hoteldruid
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-45890

    Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter... Read more

    Affected Products : novel-plus
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-36328

    Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).... Read more

    Affected Products : fedora libtommath
    • Published: Sep. 01, 2023
    • Modified: Jun. 26, 2025

  • 7.5

    HIGH
    CVE-2023-28366

    The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling o... Read more

    Affected Products : mosquitto
    • Published: Sep. 01, 2023
    • Modified: Jun. 26, 2025

  • 9.8

    CRITICAL
    CVE-2025-6351

    A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The ... Read more

    Affected Products : employee_management_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-6352

    A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the a... Read more

    Affected Products : automated_voting_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6354

    A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customer_signup.php. The manipulation of the argument email leads to sql i... Read more

    Affected Products : online_shoe_store
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6355

    A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execeditroom.php. The manipulation of the argument userid leads to sql injection. T... Read more

    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6356

    A vulnerability was found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /addmem.php. The manipulation leads to sql injection. The attack may be initiated remotely. The ... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6357

    A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /paymentportal.php. The manipulation of the argument person leads to sql injection. It is possible... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6358

    A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saveorder.php. The manipulation of the argument ID leads to sql injectio... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6359

    A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cashconfirm.php. The manipulation of the argument transactioncode leads to sql in... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-47297

    A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2023-47298

    An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account status... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-6516

    A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approache... Read more

    Affected Products : hdf5
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2022-28463

    ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.... Read more

    Affected Products : debian_linux imagemagick
    • Published: May. 08, 2022
    • Modified: Jun. 25, 2025

  • 7.5

    HIGH
    CVE-2022-24763

    PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to upd... Read more

    Affected Products : debian_linux pjsip pjsip
    • Published: Mar. 30, 2022
    • Modified: Jun. 25, 2025

  • 7.8

    HIGH
    CVE-2022-26490

    st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.... Read more

    • Published: Mar. 06, 2022
    • Modified: Jun. 25, 2025

  • 7.8

    HIGH
    CVE-2022-28390

    ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.... Read more

    • Published: Apr. 03, 2022
    • Modified: Jun. 25, 2025
Showing 20 of 293654 Results