Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-1858

    A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. T... Read more

    Affected Products : online_shopping_website
    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1857

    A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. It is poss... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1856

    A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. ... Read more

    Affected Products : gym_management_system
    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-1723

    Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-1855

    A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/su... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1854

    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of the argument name leads to sql injection. It is possible ... Read more

    Affected Products : gym_management_system
    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-53386

    Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.... Read more

    Affected Products : stage.js
    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53382

    Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.... Read more

    Affected Products : prism
    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1853

    A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffe... Read more

    Affected Products : ac8_firmware
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1852

    A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. T... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: Mar. 03, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-1851

    A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow.... Read more

    Affected Products : ac7_firmware ac7
    • Published: Mar. 03, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1850

    A vulnerability, which was classified as critical, has been found in Codezips College Management System 1.0. Affected by this issue is some unknown functionality of the file /university.php. The manipulation of the argument book_name leads to sql injectio... Read more

    Affected Products : college_management_system
    • Published: Mar. 03, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27590

    In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.... Read more

    Affected Products : oxidized_web
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025

  • 8.8

    HIGH
    CVE-2025-1849

    A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can... Read more

    Affected Products : zz
    • Published: Mar. 03, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-1848

    A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack... Read more

    Affected Products : zz
    • Published: Mar. 03, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-20653

    In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exp... Read more

    Affected Products : android mt6781 mt6789 mt6835 mt6855 mt6878 mt6879 mt6886 mt6895 mt6897 +5 more products
    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 4.6

    MEDIUM
    CVE-2025-20652

    In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed f... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +35 more products
    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2025-20651

    In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for ... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6878 mt6879 +15 more products
    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-20650

    In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6878 mt6879 +15 more products
    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-20649

    In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for ex... Read more

    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292796 Results