Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-32475

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to byp... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31353

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateOpcSettings' method. This could allow an authenticated remote attacker to... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31352

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGateways' method. This could allow an authenticated remote attacker to by... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31351

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to byp... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31350

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attac... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31349

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker t... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31343

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30032

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attack... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30031

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypas... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30030

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to by... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30003

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote atta... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30002

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote att... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-2291

    Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password... Read more

    Affected Products : pgbouncer
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-29905

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025

  • 9.8

    CRITICAL
    CVE-2025-27540

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to by... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27539

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypa... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27495

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to byp... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-22872

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse ... Read more

    Affected Products : networking
    • Published: Apr. 16, 2025
    • Modified: May. 16, 2025

  • 7.3

    HIGH
    CVE-2024-53305

    An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.... Read more

    Affected Products : whoogle-search whoogle_search
    • Published: Apr. 16, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-53304

    An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication
Showing 20 of 293542 Results