Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-10790

    A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument Description results in sql injection. The attack can be... Read more

    Affected Products : simple_forum\/discussion_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10791

    A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes sql injection. The attack is possible to be carried out remot... Read more

    Affected Products : online_bidding_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10793

    A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results in sql injection. It is p... Read more

    Affected Products : e-commerce_website
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-10794

    A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-10795

    A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit... Read more

    Affected Products : online_bidding_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10796

    A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. T... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10797

    A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument log_email causes sql injection. The attack may be initiated remotel... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-59476

    Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, fol... Read more

    Affected Products : jenkins
    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-59475

    Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by li... Read more

    Affected Products : jenkins
    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-59474

    Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names thr... Read more

    Affected Products : jenkins
    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-10798

    A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The attack may be laun... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10799

    A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation of the argument ID results in sql injec... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-56074

    A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a PO... Read more

    Affected Products : park_ticketing_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-56075

    A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST ... Read more

    Affected Products : park_ticketing_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10809

    A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The attack can be exe... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10808

    A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql injection. Remote exploitation of the attack is possible. The exploit... Read more

    Affected Products : farm_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10810

    A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The attack is possib... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10811

    A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be perf... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-8892

    A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-8354

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the curren... Read more

    Affected Products : revit
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4495 Results