Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-14849

    Advantech WebAccess/SCADA  is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.... Read more

    Affected Products : webaccess\/scada
    • Published: Dec. 18, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-14667

    A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument meta_value leads to sql injection. The attack may be ... Read more

    Affected Products : covid_tracking_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14588

    A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be c... Read more

    Affected Products : student_management_system
    • Published: Dec. 13, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-63721

    HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server.... Read more

    Affected Products : hummerrisk
    • Published: Dec. 08, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-14529

    A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-53957

    Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information ... Read more

    Affected Products : kimai
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-14621

    A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is poss... Read more

    Affected Products : student_file_management_system
    • Published: Dec. 13, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-23851

    Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-53877

    Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal inf... Read more

    Affected Products : bus_reservation_system
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14666

    A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out ... Read more

    Affected Products : covid_tracking_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-53948

    Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a rev... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-63665

    An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-15167

    A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The ... Read more

    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60180

    Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1.... Read more

    Affected Products : wp_gravity_forms_salesforce
    • Published: Dec. 18, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59718

    A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4... Read more

    Affected Products : fortios fortiswitchmanager fortiproxy
    • Actively Exploited
    • Published: Dec. 09, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-14515

    A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can... Read more

    Affected Products : supplier_management_system
    • Published: Dec. 11, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-62849

    An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following ... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Dec. 16, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14514

    A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : supplier_management_system
    • Published: Dec. 11, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14960

    A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the at... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60174

    Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2.... Read more

    • Published: Dec. 18, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection
Showing 20 of 5252 Results