Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-6462

    The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escapi... Read more

    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6844

    A vulnerability was found in code-projects Simple Forum 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signin.php. The manipulation of the argument User leads to sql injection. The attack can... Read more

    Affected Products : simple_forum
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6843

    A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible ... Read more

    • Published: Jun. 29, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-6842

    A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of the argument ID leads to sql injection. The attack may be ... Read more

    Affected Products : product_inventory_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6841

    A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument ID leads to sql injection. The attack ca... Read more

    Affected Products : product_inventory_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6840

    A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is... Read more

    Affected Products : product_inventory_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-6839

    A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The... Read more

    Affected Products :
    • Published: Jun. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6837

    A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can ... Read more

    Affected Products : library_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-6836

    A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : library_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6835

    A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-issue-book.php. The manipulation of the argument reg leads to sql injection. The attack may be in... Read more

    Affected Products : library_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6834

    A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/editPayment.php. The manipulation of the argument orderId leads to sql injection.... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6829

    A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection... Read more

    Affected Products : oa_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6828

    A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /orders.php. The manipulation of the argument i leads to sql injection. The attack can be initi... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2025-53393

    In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.... Read more

    Affected Products : akka
    • Published: Jun. 28, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2025-53392

    In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and tha... Read more

    Affected Products : pfsense
    • Published: Jun. 28, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-6827

    A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_action/editOrder.php. The manipulation leads to sql injection. It is possible to initiate the atta... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-53391

    The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.... Read more

    Affected Products :
    • Published: Jun. 28, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6826

    A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. The manipulation... Read more

    • Published: Jun. 28, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-6825

    A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6824

    A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292826 Results