Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-5732

    A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The ... Read more

    Affected Products : traffic_offense_reporting_system
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-5759

    A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5761

    A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql in... Read more

    Affected Products : bp_monitoring_management_system
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5762

    A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation of the argument itr_no leads to sql injection. It is poss... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5784

    A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can ... Read more

    Affected Products : employee_record_management_system
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-5785

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-u... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5786

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads t... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5838

    A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql i... Read more

    Affected Products : employee_record_management_system
    • Published: Jun. 07, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5856

    A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack... Read more

    Affected Products : bp_monitoring_management_system
    • Published: Jun. 09, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5858

    A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The manipulation of the argument searchdata leads to sql injection. It ... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5763

    A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The ... Read more

    Affected Products : cp3_firmware cp3
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-48012

    Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-48011

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2023-5553

    During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' ... Read more

    Affected Products : axis_os axis_os_2022
    • Published: Nov. 21, 2023
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-46471

    Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.... Read more

    Affected Products : yacms
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-45377

    In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.... Read more

    Affected Products : chronopost
    • Published: Nov. 22, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-38823

    Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.... Read more

    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-46337

    A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also all... Read more

    Affected Products : derby
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2022-39801

    SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the atta... Read more

    Affected Products : access_control
    • Published: Sep. 13, 2022
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2022-39799

    An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected u... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 13, 2022
    • Modified: Jun. 10, 2025
Showing 20 of 293289 Results