Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    CVSS31
    CVE-2025-32126

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.6

    CVSS31
    CVE-2025-32125

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden allows SQL Injection. This issue affects Silvasoft boekhouden: from n/a through 3.0.1.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.6

    CVSS31
    CVE-2025-32124

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows Blind SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.6

    CVSS31
    CVE-2025-32122

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.9.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.6

    CVSS31
    CVE-2025-32121

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a throu... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.6

    CVSS31
    CVE-2025-32120

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 9.1

    CVSS31
    CVE-2025-32118

    Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.1

    CVSS31
    CVE-2025-32113

    Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.1

    CVSS31
    CVE-2025-32112

    Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 9.8

    CVSS31
    CVE-2025-29647

    SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 7.8

    CVSS31
    CVE-2025-29504

    Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 9.8

    CVSS31
    CVE-2025-26818

    Netwrix Password Secure through 9.2 allows command injection.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 9.8

    CVSS31
    CVE-2025-26817

    Netwrix Password Secure 9.2.0.32454 allows OS command injection.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 0.0

    NONE
    CVE-2025-25178

    Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 0.0

    NONE
    CVE-2025-0468

    Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.5

    CVSS31
    CVE-2024-47212

    An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in th... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2024-45199

    insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. Th... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2024-45198

    insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 9.8

    CVSS31
    CVE-2024-22611

    OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 3.5

    CVSS31
    CVE-2025-3251

    A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the atta... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025
Showing 20 of 404 Results
© cvefeed.io
Latest DB Update: Apr. 05, 2025 6:54