Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-5428

    A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiat... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5430

    A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. ... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5432

    A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-37394

    A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. T... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-3834

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-3836

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-37395

    A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. Th... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-41403

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-36527

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 23, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-41407

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 23, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-27709

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-36528

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-41444

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-37396

    A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to th... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-5971

    A vulnerability was found in code-projects School Fees Payment System 1.0. It has been classified as critical. This affects an unknown part of the file /ajx.php. The manipulation of the argument name_startsWith leads to sql injection. It is possible to in... Read more

    Affected Products : school_fees_payment_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5979

    A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack ... Read more

    Affected Products : school_fees_payment_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46060

    Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component... Read more

    Affected Products : n600r_firmware n600r
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-47044

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47045

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47047

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293566 Results