Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-37658

    An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.... Read more

    Affected Products : gnuboard
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-37657

    An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.... Read more

    Affected Products : gnuboard
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-37656

    An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.... Read more

    Affected Products : gnuboard
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2025-7137

    A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/schedule-staff.php. The manipulation of the argument staff_id leads to sql injection. It is p... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-7136

    A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. The manipulation of the argument ID leads to sql injection. It is poss... Read more

    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 5.3

    MEDIUM
    CVE-2025-53532

    giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is pr... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 8.7

    HIGH
    CVE-2025-53531

    WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed t... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 8.7

    HIGH
    CVE-2025-53530

    WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confir... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2025-53529

    WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL que... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2025-53527

    WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potential... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 6.1

    MEDIUM
    CVE-2025-53526

    WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the ... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 6.1

    MEDIUM
    CVE-2025-53525

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the i... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-53497

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RelatedArticles Extension allows Stored XSS.This issue affects Mediawiki - RelatedArticles Extension: from 1.43.X... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-53491

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - FlaggedRevs Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FlaggedRevs Extension: fro... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 6.1

    MEDIUM
    CVE-2025-53377

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious s... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025

  • 8.2

    HIGH
    CVE-2025-36014

    IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.... Read more

    • Published: Jul. 07, 2025
    • Modified: Aug. 25, 2025

  • 7.0

    HIGH
    CVE-2025-1351

    IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.... Read more

    Affected Products : storage_virtualize
    • Published: Jul. 07, 2025
    • Modified: Aug. 14, 2025

  • 9.1

    CRITICAL
    CVE-2024-25178

    LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.... Read more

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025

  • 7.5

    HIGH
    CVE-2024-25177

    LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).... Read more

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-25176

    LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.... Read more

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025
Showing 20 of 291058 Results