Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-47751

    V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-47750

    V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-47749

    V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execu... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-46801

    Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or ta... Read more

    Affected Products : pgpool-ii
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-37891

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its s... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4916

    A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injec... Read more

    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4915

    A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The manipulation of the argument price leads to sql inj... Read more

    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4914

    A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is po... Read more

    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4913

    A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. ... Read more

    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-4477

    The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.... Read more

    Affected Products : threatsonar_anti-ransomware
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-2561

    The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : ninja_forms
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2560

    The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : ninja_forms
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2524

    The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : ninja_forms
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-1627

    The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ... Read more

    Affected Products : qi_blocks
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-1626

    The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored C... Read more

    Affected Products : qi_blocks
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-1625

    The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cro... Read more

    Affected Products : qi_blocks
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-4912

    A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. Th... Read more

    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-4911

    A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possi... Read more

    Affected Products : zoo_management_system
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-2892

    The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 du... Read more

    Affected Products : all_in_one_seo
    • Published: May. 19, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4910

    A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/edit-animal-details.php. The manipulation of the argument aname leads to sql injection... Read more

    Affected Products : zoo_management_system
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
Showing 20 of 293608 Results