Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-22632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing allows Stored XSS. This issue affects WooCommerce Pricing – Product Pricing: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22631

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation allows Reflected XSS. This issue affects Marketing Automation: from n/a through 1.2.6.8.... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1597

    A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It i... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1596

    A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The attack ma... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-1595

    A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-1594

    A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It i... Read more

    Affected Products : ffmpeg
    • Published: Feb. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1593

    A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to... Read more

    Affected Products : best_employee_management_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-1592

    A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation... Read more

    Affected Products : best_employee_management_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1591

    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php of the component Department Page. The manipulation of t... Read more

    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-1590

    A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricte... Read more

    Affected Products : e-learning_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-1589

    A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration Handler. The manipulation leads to cross site scriptin... Read more

    Affected Products : e-learning_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-1588

    A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage-nurse.php. The manipulation of the argument profilepic leads to path traversal: '../f... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-1467

    Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to [SNYK-JS-TARTEAUCITRONJS-8366541](https://security.snyk.io/vuln/SNYK-JS-TARTEAUCITRONJS-83665... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-1587

    A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonen... Read more

    Affected Products : telecom_billing_management_system
    • Published: Feb. 23, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-1586

    A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack ... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-1585

    A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument lo... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1584

    A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The m... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-1583

    A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. It is possi... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1582

    A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection.... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1581

    A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads t... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
Showing 20 of 291722 Results