Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11585

    A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploi... Read more

    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49201

    A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially craf... Read more

    Affected Products : fortiswitchmanager fortipam
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-62023

    Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-42937

    SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and avail... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-11533

    The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a user can register with. This makes it possible for unau... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-52635

    A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.... Read more

    Affected Products : aion
    • Published: Oct. 10, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12237

    A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exp... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10850

    The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' functio... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-11595

    A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing manipulation of the argument mobilenumber results in sql injection. Remote exploitation of th... Read more

    • Published: Oct. 11, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9967

    The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to the plugin not properly validating a user's identity prior to updating their passwor... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49921

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CrocoBlock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0.... Read more

    Affected Products : jetreviews
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11948

    Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10041

    The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacke... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11657

    A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads t... Read more

    Affected Products : school_management_system
    • Published: Oct. 13, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27258

    Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.... Read more

    Affected Products : network_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-58963

    Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12253

    A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack ma... Read more

    Affected Products : hibos
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-41018

    SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.... Read more

    Affected Products : exito
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11660

    A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument F... Read more

    Affected Products : school_management_system
    • Published: Oct. 13, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11586

    A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely... Read more

    Affected Products : ac7_firmware ac7
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3774 Results