Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8374

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack can be in... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-8192

    There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window betwee... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Race Condition

  • 6.1

    MEDIUM
    CVE-2025-24854

    A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWi... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-24853

    A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki t... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8373

    A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack ... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8372

    A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The att... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-7205

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. T... Read more

    Affected Products : givewp
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-54757

    Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-54752

    Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-46359

    A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-41396

    A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-41391

    Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-36563

    Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.... Read more

    Affected Products : powercms
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8371

    A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injecti... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-8370

    A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the argument descricao leads to cross site scripting. It is ... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8369

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php. The manipulation of the argument titulo_avaliacao leads ... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8368

    A vulnerability classified as problematic was found in Portabilis i-Educar 2.9. This vulnerability affects unknown code of the file /intranet/pesquisa_pessoa_lst.php. The manipulation of the argument campo_busca/cpf leads to cross site scripting. The atta... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-53558

    ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-8367

    A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9. This affects an unknown part of the file /intranet/funcionario_vinculo_lst.php. The manipulation of the argument nome leads to cross site scripting. It is possible to ini... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8366

    A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_lst.php. The manipulation of the argument nome/matricula_servidor leads to c... Read more

    Affected Products : i-educar
    • Published: Jul. 31, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291570 Results