Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-57118

    An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php... Read more

    Affected Products : online_library_management_system
    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-57117

    A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.... Read more

    Affected Products : employee_management_system
    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-56274

    SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users.... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-28423

    Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.... Read more

    Affected Products : airflow-diagrams
    • Published: Mar. 14, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2024-28425

    greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : greykite
    • Published: Mar. 14, 2024
    • Modified: Sep. 18, 2025

  • 7.4

    HIGH
    CVE-2024-29154

    danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText.... Read more

    Affected Products : fabric
    • Published: Mar. 18, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-55241

    Azure Entra Elevation of Privilege Vulnerability... Read more

    Affected Products : microsoft_entra_id entra_id
    • Published: Sep. 04, 2025
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-28392

    SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method.... Read more

    Affected Products : abandoned_cart_reminder_pro
    • Published: Mar. 20, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-28395

    SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component.... Read more

    Affected Products : bestkit_popup
    • Published: Mar. 20, 2024
    • Modified: Sep. 18, 2025

  • 8.8

    HIGH
    CVE-2024-23755

    ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.... Read more

    Affected Products : macos windows clickup
    • Published: Mar. 23, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-28386

    An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.... Read more

    Affected Products : fastmag_sync
    • Published: Mar. 25, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2024-28387

    An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.... Read more

    Affected Products : axonaut
    • Published: Mar. 25, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-28393

    SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.... Read more

    Affected Products : scalapay
    • Published: Mar. 25, 2024
    • Modified: Sep. 18, 2025

  • 7.6

    HIGH
    CVE-2024-28434

    The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.... Read more

    Affected Products : twenty
    • Published: Mar. 25, 2024
    • Modified: Sep. 18, 2025

  • 5.4

    MEDIUM
    CVE-2024-28435

    The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.... Read more

    Affected Products : twenty
    • Published: Mar. 25, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2025-55242

    Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : xbox_gaming_services
    • Published: Sep. 04, 2025
    • Modified: Sep. 18, 2025

  • 10.0

    CRITICAL
    CVE-2024-25139

    In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that ... Read more

    Affected Products : omada_er605_firmware omada_er605
    • Published: Mar. 14, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-28388

    SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.... Read more

    Affected Products : product_comments
    • Published: Mar. 14, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2022-46070

    GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.... Read more

    Affected Products : gv-asmanager
    • Published: Mar. 11, 2024
    • Modified: Sep. 18, 2025

  • 8.8

    HIGH
    CVE-2024-25501

    An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.... Read more

    Affected Products : winmail winmail
    • Published: Mar. 09, 2024
    • Modified: Sep. 18, 2025
Showing 20 of 294690 Results