Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-11109

    A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more

    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11108

    A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. The attack may be performed fro... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11106

    A vulnerability has been found in code-projects Simple Scheduling System 1.0. This vulnerability affects unknown code of the file /schedulingsystem/addfaculty.php. Such manipulation of the argument falname leads to sql injection. The attack can be execute... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11105

    A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. ... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11104

    A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. The attack may be launched remotely.... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-11103

    A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted u... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-11102

    A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/edit_content.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remo... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11101

    A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/company/index.php?view=edit. Performing manipulation of the argument ID results in sql injection. The attack can ... Read more

    Affected Products : open_source_job_portal
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11100

    A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly availa... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11099

    A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remot... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11098

    A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The e... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11097

    A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit ... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11096

    A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exp... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11095

    A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is ... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11094

    A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/admin_product_details.php. Such manipulation of the argument prod_id leads to sql injection. The attack may be launched rem... Read more

    Affected Products : e-commerce_website
    • Published: Sep. 28, 2025
    • Modified: Sep. 28, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-11082

    A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-11081

    A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now ... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-11080

    A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such man... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-11079

    A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit ha... Read more

    Affected Products : farm_management_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-11078

    A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload... Read more

    Affected Products : open_source_job_portal
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Authentication
Showing 20 of 4206 Results