Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-7608

    A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument user_email leads to sql injection. It is possible to launc... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7607

    A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/save_order.php. The manipulation of the argument order_price leads to sql inject... Read more

    Affected Products : simple_shopping_cart
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-7519

    A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exp... Read more

    • Published: Jul. 14, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-7606

    A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack remotely. The exp... Read more

    Affected Products : avl_rooms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7605

    A vulnerability was found in code-projects AVL Rooms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument first_name leads to sql injection. The attack may be l... Read more

    Affected Products : avl_rooms
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7604

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql inject... Read more

    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-7603

    A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-27582

    The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end user... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-7602

    A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-7601

    A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/student-history.php. The manipulation of the argument stdid leads to cross site scr... Read more

    Affected Products : online_library_management_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-7600

    A vulnerability, which was classified as critical, was found in PHPGurukul Online Library Management System 3.0. This affects an unknown part of the file /admin/student-history.php. The manipulation of the argument stdid leads to sql injection. It is poss... Read more

    Affected Products : online_library_management_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7599

    A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected by this issue is some unknown functionality of the file /invoice.php. The manipulation of the argument del leads to sql injecti... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-7618

    A stored Cross-Site Scripting (XSS) vulnerability vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other s... Read more

    Affected Products : data_master
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-7598

    A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer ... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7597

    A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possib... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7596

    A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. ... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-7595

    A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely... Read more

    Affected Products : job_diary
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-51770

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.... Read more

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-51769

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.... Read more

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2024-51768

    An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.... Read more

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291358 Results