Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-8068

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This makes... Read more

    Affected Products : ht_mega
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-8380

    A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument Name leads to cross site scripting. Th... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 7.2

    HIGH
    CVE-2025-8379

    A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to i... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2025-8378

    A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2025-8376

    A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025

  • 7.2

    HIGH
    CVE-2025-41688

    A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.... Read more

    Affected Products : mbnet_hw1_firmware mbnet_firmware
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 5.1

    MEDIUM
    CVE-2025-40980

    A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vulnerab... Read more

    Affected Products : ultimatepos
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-2813

    An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2025-8375

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be in... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8374

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack can be in... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025

  • 6.9

    MEDIUM
    CVE-2025-8192

    There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window betwee... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2025-24854

    A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWi... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 7.5

    HIGH
    CVE-2025-24853

    A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki t... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-8373

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack ... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8372

    A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The att... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025

  • 5.4

    MEDIUM
    CVE-2025-7205

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. T... Read more

    Affected Products : givewp
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025

  • 8.0

    HIGH
    CVE-2025-54757

    Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 8.0

    HIGH
    CVE-2025-54752

    Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 8.6

    HIGH
    CVE-2025-46359

    A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-41396

    A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
Showing 20 of 290940 Results