Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-4068

    A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack n... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-46346

    YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and ... Read more

    Affected Products : yeswiki
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-40619

    Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-40618

    SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA"  parameter in /bkg_imprimir_comprobante.php... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40617

    SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-40616

    Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-40615

    Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-32354

    In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauth... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Apr. 29, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-25962

    An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-25403

    Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php.... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-23179

    CWE-798: Use of Hard-coded Credentials... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-23178

    CWE-923: Improper Restriction of Communication Channel to Intended Endpoints... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-23177

    CWE-427: Uncontrolled Search Path Element... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-1551

    IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali... Read more

    Affected Products : operational_decision_manager
    • Published: Apr. 29, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-4067

    A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack... Read more

    Affected Products : online_traveling_system
    • Published: Apr. 29, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4066

    A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be init... Read more

    Affected Products : online_traveling_system
    • Published: Apr. 29, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-4065

    A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can b... Read more

    Affected Products : online_traveling_system
    • Published: Apr. 29, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-4093

    Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4092

    Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4091

    Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293645 Results