Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-23205

    nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default ... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 10.0

    CRITICAL
    CVE-2025-23202

    Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vu... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Injection

  • 5.2

    MEDIUM
    CVE-2025-23039

    Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execu... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-21606

    stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.H... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0540

    A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The attack can be i... Read more

    Affected Products : tailoring_management_system
    • Published: Jan. 17, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-0538

    A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting.... Read more

    Affected Products : tourism_management_system
    • Published: Jan. 17, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-57252

    OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.... Read more

    Affected Products : otcms
    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-57035

    WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-57033

    WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2023-50738

    A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-21399

    Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-21185

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 17, 2025
    • Modified: Feb. 07, 2025

  • 5.1

    MEDIUM
    CVE-2025-0537

    A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cro... Read more

    Affected Products : online_car_rental_system
    • Published: Jan. 17, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-0536

    A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection.... Read more

    • Published: Jan. 17, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-57372

    Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-57370

    Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-57369

    Clickjacking vulnerability in typecho v1.2.1.... Read more

    Affected Products : typecho
    • Published: Jan. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-57034

    WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57032

    WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57031

    WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Injection
Showing 20 of 291219 Results