Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2025-6925

    A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler....

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-6917

    A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The manipulation of the argument uname leads to sql injection. The attack can...

    Affected Products : online_hotel_booking
    • Published: Jun. 30, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-52898

    Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances confi...

    Affected Products : frappe
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-6916

    A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The at...

    Affected Products : t6_firmware t6
    • Published: Jun. 30, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-6915

    A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. The...

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2025-52896

    Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14....

    Affected Products : frappe
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.7

    HIGH
    CVE-2025-52895

    Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow a malicious person to gain access to sensitive information. This issue has been patch...

    Affected Products : frappe
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-47871

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not...

    Affected Products : mattermost_server
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-46702

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with me...

    Affected Products : mattermost_server
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-45931

    An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via the system() function in the bin/goahead file...

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.0

    HIGH
    CVE-2025-45143

    string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input....

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-26074

    Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes....

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-6914

    A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of the argument fmarks2 leads to sql injection. The attack...

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-6913

    A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument aemailid leads to sql injection. It is possible to launch the a...

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 4.6

    MEDIUM
    CVE-2024-12915

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02....

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-6912

    A vulnerability was found in PHPGurukul Student Record System 3.2. It has been rated as critical. This issue affects some unknown processing of the file /manage-students.php. The manipulation of the argument del leads to sql injection. The attack may be i...

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-6911

    A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /manage-subjects.php. The manipulation of the argument del leads to sql injection. The attack can be i...

    Affected Products : student_record_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-2895

    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser w...

    Affected Products : cloud_pak_system
    • Published: Jun. 30, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-53621

    A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request....

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2023-47310

    A misconfiguration in the default settings of MikroTik RouterOS 7, fixed in v7.14, allows incoming IPv6 UDP traceroute packets....

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration