Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-7185

    A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7184

    A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6771

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5464

    Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.... Read more

    Affected Products : connect_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 5.8

    MEDIUM
    CVE-2025-43019

    A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.... Read more

    Affected Products : support_assistant
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-3648

    A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated u... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.6

    MEDIUM
    CVE-2025-0293

    CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-0292

    SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.0

    HIGH
    CVE-2025-7326

    Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor supp... Read more

    Affected Products : asp.net_core
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7183

    A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/customer_account.php. The manipulation of the argument Customer leads to sql injectio... Read more

    Affected Products : sales_and_inventory_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-7182

    A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-7037

    SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-6996

    Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cryptography

  • 8.4

    HIGH
    CVE-2025-6995

    Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cryptography

  • 7.2

    HIGH
    CVE-2025-6770

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-5463

    Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-5451

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-5450

    Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be r... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-53545

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fi... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-53480

    The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causi... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291312 Results