Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-47716

    Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute a... Read more

    Affected Products : orangescrum
    • Published: Dec. 23, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-53966

    SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format ... Read more

    Affected Products : linkandshare_transmitter
    • Published: Dec. 22, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-66947

    SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may le... Read more

    Affected Products : student_management_system
    • Published: Dec. 26, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-25241

    FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by execu... Read more

    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-15065

    Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, ... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-15053

    A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from ... Read more

    Affected Products : student_information_system
    • Published: Dec. 24, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-15052

    A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname results in cross site scripting. The attack is possi... Read more

    Affected Products : student_information_system
    • Published: Dec. 24, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-15050

    A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remote... Read more

    Affected Products : student_file_management_system
    • Published: Dec. 24, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-15049

    A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is pub... Read more

    Affected Products : online_farm_system
    • Published: Dec. 23, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-15180

    A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow.... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15179

    A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been p... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15178

    A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack ca... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15177

    A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15164

    A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15163

    A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carr... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15162

    A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be exec... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15161

    A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. Th... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15160

    A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been ... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-15167

    A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The ... Read more

    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-15166

    A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The... Read more

    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection
Showing 20 of 4323 Results