Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-5921

    An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Nov. 27, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-6470

    A vulnerability classified as critical has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /bidlog.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remo... Read more

    Affected Products : online_bidding_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54280

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0.... Read more

    Affected Products : wpbookit wpbookit
    • Published: Dec. 16, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-6469

    A vulnerability was found in code-projects Online Bidding System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument ID leads to sql injection. The attack may be initiat... Read more

    Affected Products : online_bidding_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-0118

    A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticate... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Mar. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-0120

    A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution re... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Apr. 11, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-36538

    Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : chaos-mesh
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 7.2

    HIGH
    CVE-2024-36537

    Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : cert-manager
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 5.2

    MEDIUM
    CVE-2025-0135

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: May. 14, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-36536

    Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : fabedge
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-36540

    Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : external_secrets_operator
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-36539

    Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : contour
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 3.5

    LOW
    CVE-2025-4227

    An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Pal... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6567

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4232

    An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-6568

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6468

    A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bidnow.php. The manipulation of the argument ID leads to sql injection. The attack can be initiate... Read more

    Affected Products : online_bidding_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-50693

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-50695

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6467

    A vulnerability was found in code-projects Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument User leads to sql injection. It is possible to initiate the att... Read more

    Affected Products : online_bidding_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection
Showing 20 of 293951 Results