Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-48742

    The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2025-26211

    Gibbon before 29.0.00 allows CSRF.... Read more

    Affected Products : gibbon
    • Published: May. 27, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-5226

    A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. The attack can be initi... Read more

    Affected Products : small_crm
    • Published: May. 27, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5225

    A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument voter leads to sql injection. It is possible to initiate the... Read more

    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5224

    A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/add-doctor.php. The manipulation of the argument Doctorspecialization leads to sql injection. It i... Read more

    Affected Products : online_hospital_management_system
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5221

    A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. Th... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-4683

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes i... Read more

    Affected Products : mstore_api
    • Published: May. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-4682

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insuffi... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-48744

    In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-48743

    SIGB PMB before 8.0.1.2 allows SQL injection.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5220

    A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. ... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-33079

    IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.... Read more

    Affected Products : cognos_controller controller
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-5219

    A vulnerability has been found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be launch... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5218

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. ... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5217

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remo... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5216

    A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. Th... Read more

    Affected Products : student_record_system
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5215

    A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to i... Read more

    Affected Products : dcs-5020l_firmware dcs-5020l
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5214

    A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads t... Read more

    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5213

    A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_file.php. The manipulation of the argument ID leads to sql ... Read more

    Affected Products : responsive_e-learning_system
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-4783

    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output esca... Read more

    Affected Products : exclusive_addons_for_elementor
    • Published: May. 27, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292238 Results