Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-51800

    Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.... Read more

    Affected Products : homey
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-3189

    Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-31421

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0.... Read more

    Affected Products : srbtranslatin
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-31420

    Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2.... Read more

    Affected Products : wpforo_forum
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-3245

    A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtun... Read more

    Affected Products : library_management_system
    • Published: Apr. 04, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3244

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The ma... Read more

    • Published: Apr. 04, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-3243

    A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. ... Read more

    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3242

    A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attac... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-3241

    A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-3240

    A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql ... Read more

    Affected Products : online_fire_reporting_system
    • Published: Apr. 04, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3239

    A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql inje... Read more

    Affected Products : online_fire_reporting_system
    • Published: Apr. 04, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22282

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator - WordPress plugin: from n/a through 2.14.1.2.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3238

    A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to la... Read more

    Affected Products : online_fire_reporting_system
    • Published: Apr. 04, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-3237

    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3236

    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls.... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-3235

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname/contactnumber leads to sql injection. I... Read more

    Affected Products : old_age_home_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-2245

    A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitiz... Read more

    • Published: Apr. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-2244

    A vulnerability in the sendMailFromRemoteSource method in Emails.php  as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger... Read more

    Affected Products : gravityzone
    • Published: Apr. 04, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-2243

    A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for ... Read more

    Affected Products : gravityzone
    • Published: Apr. 04, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.5

    HIGH
    CVE-2025-1865

    The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege es... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 293261 Results