Latest CVE Feed

7.8 HIGH CVE-2025-3728
A vulnerability classified as critical was found in SourceCodester Simple Hotel Booking System 1.0. This vulnerability affects the function Login. The manipulation of the argument uname leads to buffer overflow. It is possible to launch the attack on the ...
- Affected Products: simple_hotel_booking_system
- Published: Apr. 16, 2025
- Modified: May. 28, 2025
- Vuln Type: Memory Corruption

9.8 CRITICAL CVE-2025-3727
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component STATUS Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit h...
- Published: Apr. 16, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption

8.8 HIGH CVE-2025-3620
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Published: Apr. 16, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Memory Corruption

8.8 HIGH CVE-2025-3619
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- Published: Apr. 16, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption

6.1 MEDIUM CVE-2025-29710
SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.
- Published: Apr. 16, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Cross-Site Scripting

9.8 CRITICAL CVE-2025-29709
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.
- Published: Apr. 16, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Misconfiguration

9.8 CRITICAL CVE-2025-29708
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.
- Published: Apr. 16, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Misconfiguration

7.5 HIGH CVE-2025-28072
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
- Affected Products: pre-school_enrollment_system
- Published: Apr. 16, 2025
- Modified: Apr. 28, 2025
- Vuln Type: Path Traversal

5.4 MEDIUM CVE-2025-26153
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
- Published: Apr. 16, 2025
- Modified: Apr. 18, 2025
- Vuln Type: Cross-Site Scripting

9.8 CRITICAL CVE-2024-55372
Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unaut...
- Affected Products: wallos
- Published: Apr. 16, 2025
- Modified: Jun. 03, 2025
- Vuln Type: Misconfiguration

9.8 CRITICAL CVE-2024-55371
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authentic...
- Affected Products: wallos
- Published: Apr. 16, 2025
- Modified: Jun. 03, 2025
- Vuln Type: Misconfiguration

9.8 CRITICAL CVE-2025-3726
A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. T...
- Published: Apr. 16, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption

9.8 CRITICAL CVE-2025-3725
A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component MIC Command Handler. The manipulation leads to buffer overflow. The attack can be launched r...
- Published: Apr. 16, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption

9.8 CRITICAL CVE-2025-3724
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exp...
- Published: Apr. 16, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption

9.8 CRITICAL CVE-2025-3723
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit ...
- Published: Apr. 16, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption

6.1 MEDIUM CVE-2025-32817
An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
- Published: Apr. 16, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Path Traversal

7.5 HIGH CVE-2025-31201
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authen...
- Actively Exploited
- Published: Apr. 16, 2025
- Modified: Jun. 09, 2025
- Vuln Type: Authorization

6.8 MEDIUM CVE-2025-31200
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in...
- Actively Exploited
- Published: Apr. 16, 2025
- Modified: Jun. 09, 2025
- Vuln Type: Memory Corruption

4.3 MEDIUM CVE-2025-39472
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery. This issue affects WooCommerce Social Login: from n/a before 2.8.3.
- Published: Apr. 16, 2025
- Modified: Jun. 09, 2025
- Vuln Type: Cross-Site Request Forgery

8.8 HIGH CVE-2025-32872
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypas...
- Affected Products: telecontrol_server_basic
- Published: Apr. 16, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Injection