Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-1641

    A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1640

    A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToRet... Read more

    Affected Products : modernanet
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-27144

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior t... Read more

    Affected Products : go-jose
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-27143

    Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other ... Read more

    Affected Products : better_auth
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-22974

    SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.... Read more

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-57685

    An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.... Read more

    Affected Products : sparkshop
    • Published: Feb. 24, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56525

    In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML do... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2024-53544

    NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-53543

    NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the addProject method in the smarttimeplus/MySQLConnection endpoint.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-53542

    Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitrarily restart the NCServiceManger via a crafted GET request.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-27141

    Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with imperson... Read more

    Affected Products : metabase
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-27140

    WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary co... Read more

    Affected Products : wegia
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25513

    Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.... Read more

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-57608

    An issue in Via Browser 6.1.0 allows a a remote attacker to execute arbitrary code via the mark.via.Shell component.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-27137

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates a... Read more

    Affected Products : dependency-track
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Supply Chain

  • 9.8

    CRITICAL
    CVE-2025-26533

    An SQL injection risk was identified in the module list filter within course search.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-26532

    Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-26531

    Insufficient capability checks made it possible to disable badges a user does not have permission to access.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-26530

    The question bank filter required additional sanitizing to prevent a reflected XSS risk.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-26529

    Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291625 Results