Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-13145

    A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument fil... Read more

    Affected Products : my-blog my-blog
    • Published: Jan. 06, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13195

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-13196

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulatio... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13197

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads t... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-13210

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The ma... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-13454

    Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3... Read more

    Affected Products : easy-rsa
    • Published: Jan. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cryptography

  • 9.1

    CRITICAL
    CVE-2024-41165

    A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger ... Read more

    Affected Products : word
    • Published: Dec. 18, 2024
    • Modified: Aug. 22, 2025

  • 9.1

    CRITICAL
    CVE-2024-43106

    A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigge... Read more

    Affected Products : excel
    • Published: Dec. 18, 2024
    • Modified: Aug. 22, 2025

  • 9.1

    CRITICAL
    CVE-2024-42220

    A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to ... Read more

    Affected Products : outlook
    • Published: Dec. 18, 2024
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-9302

    A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is... Read more

    Affected Products : user_management_system
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9304

    A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote ... Read more

    Affected Products : online_bank_management_system
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9305

    A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The manipulation of the argument ID leads to sql injection. It is possible to initia... Read more

    Affected Products : online_bank_management_system
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-32442

    Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing... Read more

    Affected Products : fastify
    • Published: Apr. 18, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-24902

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access... Read more

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025

  • 5.0

    MEDIUM
    CVE-2025-24021

    iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the i... Read more

    Affected Products : itop
    • Published: May. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9306

    A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It i... Read more

    Affected Products : advanced_school_management_system
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-9307

    A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has bee... Read more

    Affected Products : online_course_registration
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-57761

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to exec... Read more

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-57762

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious s... Read more

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-57763

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts... Read more

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291722 Results