Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-13544

    The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)... Read more

    Affected Products : zarinpal_paid_download
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-13543

    The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : zarinpal_paid_download
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-1211

    Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-1174

    A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file process_book_add.php of the component Add Book Page. The manipulation of the argument Book N... Read more

    Affected Products : bookstore_management_system
    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-1173

    A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file process_users_del.php. The manipulation of the argument id leads to sql injection. It is possible to in... Read more

    Affected Products : bookstore_management_system
    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-12599

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : ht_mega
    • Published: Feb. 11, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-1172

    A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file addtocart.php. The manipulation of the argument bcid leads to sql injectio... Read more

    Affected Products : bookstore_management_system
    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-1171

    A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address lea... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1145

    NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1144

    School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-1143

    Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-1170

    A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It ... Read more

    • Published: Feb. 11, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1169

    A vulnerability was found in SourceCodester Image Compressor Tool 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /image-compressor/compressor.php. The manipulation of the argument image leads to cross site sc... Read more

    Affected Products : image_compressor_tool
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1168

    A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-contact.php. The manipulation of the argument contact leads to sql i... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1167

    A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Affected by this issue is some unknown functionality of the file /hr_soft/admin/Update_User.php. The manipulation of the argument id leads to s... Read more

    Affected Products : employee_management_system
    • Published: Feb. 11, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1166

    A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be... Read more

    Affected Products : food_menu_manager food_menu_manager
    • Published: Feb. 11, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-25243

    SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive info... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-25241

    Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the applicat... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-24876

    The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality a... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-24875

    SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may le... Read more

    Affected Products : commerce
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291531 Results