Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.2 MEDIUM
CVE-2025-58340 — Samsung Exynos Wi-Fi Driver Unbounded Memory Allocation Denial of Service

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory all…

Feb 03, 2026 Feb 05, 2026
9.8 CRITICAL
CVE-2025-57529 — YouDataSum CPAS Audit Management System SQL Injection

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to…

cpas_audit_management_system | Remote | Injection
Feb 03, 2026 Feb 10, 2026
6.1 MEDIUM
CVE-2025-52629 — HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scrip…

aion | Remote | Misconfiguration
Feb 03, 2026 Feb 10, 2026
7.5 HIGH
CVE-2025-52627 — HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauth…

aion | Remote | Misconfiguration
Feb 03, 2026 Feb 10, 2026
9.8 CRITICAL
CVE-2025-52626 — HCL AION is susceptible to Potential Command Injection vulnerability

A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AIO…

aion | Remote | Injection
Feb 03, 2026 Feb 10, 2026
9.1 CRITICAL
CVE-2025-46651 — Tiny File Manager SSRF

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted…

tiny_file_manager | Remote | Server-Side Request Forgery
Feb 03, 2026 Feb 10, 2026
8.8 HIGH
CVE-2020-37116 — GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the…

open_eclass_platform | Remote | Authentication
Feb 03, 2026 Feb 10, 2026
7.1 HIGH
CVE-2020-37115 — GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive inf…

open_eclass_platform | Remote | Information Disclosure
Feb 03, 2026 Feb 10, 2026
6.5 MEDIUM
CVE-2020-37114 — GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due…

open_eclass_platform | Remote | Information Disclosure
Feb 03, 2026 Feb 10, 2026
8.8 HIGH
CVE-2020-37113 — GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute a…

open_eclass_platform | Remote | Authentication
Feb 03, 2026 Feb 12, 2026
7.1 HIGH
CVE-2020-37112 — GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'mon…

open_eclass_platform openeclass | Remote | Injection
Feb 03, 2026 Feb 12, 2026
6.1 MEDIUM
CVE-2020-37111 — 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS …

60cyclecms 60cyclecms | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 18, 2026
9.8 CRITICAL
CVE-2020-37110 — 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vuln…

60cyclecms 60cyclecms | Remote | Injection
Feb 03, 2026 Feb 18, 2026
7.1 HIGH
CVE-2020-37108 — PhpIX 2012 Professional - 'id' SQL Injection

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious …

Remote | Injection
Feb 03, 2026 Feb 04, 2026
7.1 HIGH
CVE-2020-37105 — PMB 5.6 - 'logid' SQL Injection

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can…

pmb | Remote | Injection
Feb 03, 2026 Feb 04, 2026
6.4 MEDIUM
CVE-2020-37103 — DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML …

dotnetnuke | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 09, 2026
6.4 MEDIUM
CVE-2019-25265 — Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through th…

online_invoicing_system | Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
6.4 MEDIUM
CVE-2019-25264 — Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script …

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
6.4 MEDIUM
CVE-2019-25263 — Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS pa…

Remote | Cross-Site Scripting
Feb 03, 2026 Feb 04, 2026
9.6 CRITICAL
CVE-2026-1568 — Rapid7 InsightVM Signature Validation Vulnerability

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to Insig…

Remote | Authentication
Feb 03, 2026 Feb 04, 2026
Showing 20 of 5204 Results