Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3332

    A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/menu_save.php. The manipulation of the argument menu leads to sql injection. It is pos... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3331

    A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. This issue affects some unknown processing of the file /payment_save.php. The manipulation of the argument mode leads to sql injecti... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2025-27534

    in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-25057

    in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-24304

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-22851

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-22842

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-22452

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-20102

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-3330

    A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. This vulnerability affects unknown code of the file /reservation_save.php. The manipulation of the argument first leads to sql injection. The attack ... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025

  • 3.1

    LOW
    CVE-2025-3329

    A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmi... Read more

    Affected Products : comanda_mobile
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cryptography

  • 9.0

    HIGH
    CVE-2025-3328

    A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overfl... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-3327

    A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripti... Read more

    Affected Products : iboot
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-3326

    A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. ... Read more

    Affected Products : iboot
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3325

    A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access cont... Read more

    Affected Products : iboot
    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-3324

    A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted ... Read more

    Affected Products : nimrod
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-3323

    A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql inje... Read more

    Affected Products : nimrod
    • Published: Apr. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-32013

    LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callb... Read more

    Affected Products : lnbits
    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.2

    HIGH
    CVE-2025-31492

    mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protect... Read more

    Affected Products : mod_auth_openidc
    • Published: Apr. 06, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-31488

    Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a ... Read more

    Affected Products :
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293353 Results