Latest CVE Feed

The following is a list of the most recently published vulnerabilities. The list can be filtered by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. It can also be sorted by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-42562

    Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php....

    Affected Products : pharmacy_management_system
    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-42563

    An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file....

    Affected Products : erp erp
    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-42569

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php....

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-42571

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php....

    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025
  • 7.8

    HIGH
    CVE-2024-22705

    An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandle...

    Affected Products : linux_kernel
    • Published: Jan. 23, 2024
    • Modified: Jun. 05, 2025
  • 6.3

    MEDIUM
    CVE-2024-22099

    NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2...

    Affected Products : linux_kernel
    • Published: Jan. 25, 2024
    • Modified: Jun. 05, 2025
  • 4.9

    MEDIUM
    CVE-2023-34324

    Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of a...

    Affected Products : linux_kernel xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2025-5074

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The...

    • Published: May. 22, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-5073

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remote...

    • Published: May. 22, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2024-21727

    XSS vulnerability in DP Calendar component for Joomla....

    Affected Products : dpcalendar
    • Published: Feb. 15, 2024
    • Modified: Jun. 05, 2025
  • 7.7

    HIGH
    CVE-2025-48947

    The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Thr...

    Affected Products : nextjs-auth0
    • Published: Jun. 04, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-3054

    The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with ...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication
  • 5.1

    MEDIUM
    CVE-2025-48493

    The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cryptography
  • 9.8

    CRITICAL
    CVE-2025-5701

    The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
  • 6.5

    MEDIUM
    CVE-2025-5679

    A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. Th...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-5640

    A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTA...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-5688

    We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to ...

    Affected Products : freertos
    • Published: Jun. 04, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption
  • 9.3

    CRITICAL
    CVE-2025-4568

    Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks....

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2025-49466

    aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal
  • 6.2

    MEDIUM
    CVE-2025-49009

    Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user...

    Affected Products : para
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Information Disclosure