Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-42959

    An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system ... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 2.7

    LOW
    CVE-2025-42954

    SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 8.1

    HIGH
    CVE-2025-42953

    SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the s... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 7.7

    HIGH
    CVE-2025-42952

    SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusab... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 4.1

    MEDIUM
    CVE-2025-31326

    SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipula... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7153

    A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the ar... Read more

    Affected Products : simple_hospital_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 8.8

    HIGH
    CVE-2025-7152

    A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possibl... Read more

    Affected Products : advanced_online_voting_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025

  • 8.8

    HIGH
    CVE-2025-7151

    A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument photo leads to unrestricted upload. The... Read more

    Affected Products : advanced_online_voting_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 8.8

    HIGH
    CVE-2025-7150

    A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/voters_delete.php. The manipulation of the argument ID leads to sql injection. The attac... Read more

    Affected Products : advanced_online_voting_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 8.8

    HIGH
    CVE-2025-7149

    A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/candidates_delete.php. The manipulation of the argument ID leads to sql injection. It is possible... Read more

    Affected Products : advanced_online_voting_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7148

    A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to c... Read more

    Affected Products : simple_hospital_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-7147

    A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. ... Read more

    Affected Products : patient_record_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 4.8

    MEDIUM
    CVE-2025-7144

    A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argu... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-7143

    A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name le... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-7142

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site s... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 4.2

    MEDIUM
    CVE-2025-53543

    Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 8.7

    HIGH
    CVE-2025-53540

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpo... Read more

    Affected Products : arduino-esp32
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 6.9

    MEDIUM
    CVE-2025-53539

    FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex pattern... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-53496

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension allows Stored XSS.This issue affects Mediawiki - MediaSearch Extension: from 1.42.X before ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7141

    A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads ... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025
Showing 20 of 291058 Results