Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-4751

    A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. It is possible to launch the attack remote... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-4750

    A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to in... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-3516

    The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : simple_lightbox
    • Published: May. 16, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-3201

    The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : kali_forms
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-1245

    Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer  (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics... Read more

    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-4759

    Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to instal... Read more

    Affected Products : lockfile-lint-api
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Supply Chain

  • 8.7

    HIGH
    CVE-2025-4749

    A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of ... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-4747

    A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4746

    A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to sql injection. The attac... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-48175

    In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.... Read more

    Affected Products : libavif
    • Published: May. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-48174

    In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.... Read more

    Affected Products : libavif
    • Published: May. 16, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-4745

    A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name lea... Read more

    Affected Products : employee_record_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-4744

    A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/f... Read more

    Affected Products : employee_record_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4743

    A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to sql injection. ... Read more

    Affected Products : employee_record_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-4742

    A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required t... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4741

    A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/purchase_add.php. The manipulation of the argument ID leads to sql injection. The attack ma... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-4740

    A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has ... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4739

    A vulnerability was found in projectworlds Hospital Database Management System 1.0. It has been classified as critical. This affects an unknown part of the file /medicines_info.php. The manipulation of the argument Med_ID leads to sql injection. It is pos... Read more

    • Published: May. 16, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-4169

    The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attr... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4736

    A vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument email leads to sql injection. The attack may be ... Read more

    Affected Products : daily_expense_tracker
    • Published: May. 16, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
Showing 20 of 293633 Results