Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-27540

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to by... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27539

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypa... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27495

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to byp... Read more

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-22872

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse ... Read more

    Affected Products : networking
    • Published: Apr. 16, 2025
    • Modified: May. 16, 2025

  • 7.3

    HIGH
    CVE-2024-53305

    An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.... Read more

    Affected Products : whoogle-search whoogle_search
    • Published: Apr. 16, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-53304

    An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-53303

    A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-3739

    Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.... Read more

    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025

  • 5.9

    MEDIUM
    CVE-2025-3738

    Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.... Read more

    Affected Products : google_optimize
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3737

    Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.... Read more

    Affected Products : _store_locator_project
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3736

    Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.... Read more

    Affected Products : simple_gtm
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3735

    Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.... Read more

    Affected Products : panelizer_\(obsolete\)
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3734

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding.This issue affects Stage File Proxy: from 0.0.0 before 3.1.5.... Read more

    Affected Products : stage_file_proxy
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-3733

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.... Read more

    Affected Products : baguettebox.js
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2564

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archive... Read more

    Affected Products : mattermost_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-20236

    A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. T... Read more

    Affected Products : webex_teams
    • Published: Apr. 16, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-40074

    Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-40073

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40072

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40071

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP f... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293588 Results