Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-10028

    A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripti... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10029

    A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument s... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-10033

    A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has be... Read more

    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-58445

    Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers... Read more

    Affected Products : atlantis
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-10063

    A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads t... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10064

    A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument s... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 07, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-57766

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens t... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-57815

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-forc... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-57816

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based ... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-57817

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` o... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-10032

    A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. The attack can be executed remotel... Read more

    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-10031

    A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote exploitation of t... Read more

    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10030

    A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may... Read more

    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9847

    A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestricted upload. Remote exploitation of the attack is possibl... Read more

    Affected Products : real_estate_management_system
    • Published: Sep. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10104

    A security vulnerability has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /review_search.php. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the ... Read more

    Affected Products : online_event_judging_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10103

    A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the argument main_event can lead to sql injection. The attack may be performed from remote. ... Read more

    Affected Products : online_event_judging_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10102

    A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown function of the file /index.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried ... Read more

    Affected Products : online_event_judging_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-9848

    A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed re... Read more

    Affected Products : real_estate_management_system
    • Published: Sep. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-10106

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been d... Read more

    Affected Products : chancms
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10105

    A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The expl... Read more

    Affected Products : chancms
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection
Showing 20 of 4504 Results