Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-56428

    The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.... Read more

    Affected Products : ilabclient
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-25539

    Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-45754

    A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.... Read more

    Affected Products : seeddms
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-47032

    Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-47295

    A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-47031

    An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50348

    PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-26512

    CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq mess... Read more

    • Published: Jul. 17, 2023
    • Modified: Jun. 25, 2025

  • 7.5

    HIGH
    CVE-2025-50349

    PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-47030

    An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-1635

    A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately,... Read more

    • Published: Feb. 19, 2024
    • Modified: Jun. 25, 2025

  • 7.3

    HIGH
    CVE-2024-1233

    A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a ... Read more

    Affected Products : undertow
    • Published: Apr. 09, 2024
    • Modified: Jun. 25, 2025

  • 7.5

    HIGH
    CVE-2023-5379

    A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP res... Read more

    • Published: Dec. 12, 2023
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-47438

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.3.1.... Read more

    Affected Products : wp_job_portal
    • Published: May. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-48273

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.... Read more

    Affected Products : wp_job_portal
    • Published: May. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-5139

    A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Hand... Read more

    Affected Products : qualitor
    • Published: May. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-45880

    A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.... Read more

    Affected Products : amygdala
    • Published: Jun. 17, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-45878

    A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.... Read more

    Affected Products : amygdala
    • Published: Jun. 17, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-6122

    A vulnerability, which was classified as critical, was found in code-projects Restaurant Order System 1.0. This affects an unknown part of the file /table.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the atta... Read more

    • Published: Jun. 16, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2024-48766

    NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.... Read more

    Affected Products : netalertx *
    • Published: May. 13, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal
Showing 20 of 294503 Results