Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-20264

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insuf... Read more

    Affected Products : identity_services_engine
    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2024-57708

    An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerabil... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-6610

    A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to sql injection. It i... Read more

    Affected Products : employee_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6609

    A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The manipulation of the argument fromdate/todate ... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6608

    A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-services.php. The manipulation of the argument editid leads to... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-49135

    CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refe... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-27685

    SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables.... Read more

    Affected Products : student_record_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2021-4457

    The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.... Read more

    Affected Products : zoomsounds
    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-6607

    A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of the argument ID leads to sql injection. It is possible to la... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6606

    A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. This issue affects some unknown processing of the file /panel/add-services.php. The manipulation of the argument Type leads to sql inject... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6605

    A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. This vulnerability affects unknown code of the file /panel/edit-staff.php. The manipulation of the argument editid leads to sql injection. The attack can ... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-48991

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions ... Read more

    Affected Products : tuleap
    • Published: Jun. 25, 2025
    • Modified: Aug. 21, 2025

  • 8.1

    HIGH
    CVE-2025-48954

    Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the... Read more

    Affected Products : discourse
    • Published: Jun. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-6604

    A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is possible to initia... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6543

    Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server... Read more

    • Actively Exploited
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-25012

    URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.... Read more

    Affected Products : kibana
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-6603

    A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the arg... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-6613

    A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site ... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5927

    The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated att... Read more

    Affected Products : everest_forms
    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-49797

    Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, r... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
Showing 20 of 292907 Results