Latest Cybersecurity Vulnerabilities - Real-Time Updates
Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities.
This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
including risk scores, affected vendors, and mitigation insights.
Keeping track of emerging threats helps security professionals protect their systems.
Latest 30 CVEs - Real-Time Cyber Threats
Cyber threats are constantly evolving, making real-time vulnerability tracking essential.
Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
providing key details such as affected vendors, impact levels, and risk scores.
Each CVE entry includes a brief summary and a direct link to its full details,
enabling cybersecurity professionals, system administrators, and developers to quickly assess
and mitigate potential security risks.
-
CVE-2025-4896 Severe Vulnerability Alert
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8/10
โ ๏ธ Severe Risk
Published on 18 May 2025, 21:15 UTC (only 1 hour ago)
-
CVE-2025-4895 Exploitable Vulnerability Warning
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 21:15 UTC (only 1 hour ago)
-
CVE-2025-4894 Vulnerability Report
A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Score: 3.7/10
โ ๏ธ Moderate Risk
Published on 18 May 2025, 20:15 UTC (only 2 hours ago)
-
CVE-2025-4893 Active Exploit Warning
A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework/core/src/main/java/com/bizzan/bitrade/util/UploadFileUtil.java of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information ...
Score: 6.3/10
๐ฅ High Risk
Published on 18 May 2025, 20:15 UTC (only 2 hours ago)
-
CVE-2025-4892 Significant Vulnerability Warning
A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Score: 5.3/10
๐จ Significant Risk
Published on 18 May 2025, 19:15 UTC (only 3 hours ago)
-
CVE-2025-4891 Exploit & Mitigation Report
A vulnerability was found in code-projects Police Station Management System 1.0. It has been classified as critical. Affected is the function criminal::display of the file source.cpp of the component Display Record. The manipulation of the argument N leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Score: 5.3/10
๐จ Significant Risk
Published on 18 May 2025, 19:15 UTC (only 3 hours ago)
-
CVE-2025-4890 Significant Vulnerability Warning
A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Score: 5.3/10
๐จ Significant Risk
Published on 18 May 2025, 18:15 UTC (only 4 hours ago)
-
CVE-2025-4889 Exploit & Mitigation Report
A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Score: 5.3/10
๐จ Significant Risk
Published on 18 May 2025, 18:15 UTC (only 4 hours ago)
-
CVE-2025-4888 Significant Vulnerability Warning
A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Score: 5.3/10
๐จ Significant Risk
Published on 18 May 2025, 17:15 UTC (only 5 hours ago)
-
CVE-2025-4887 Security Flaw Alert
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 4.3/10
โ ๏ธ Medium Risk
Published on 18 May 2025, 17:15 UTC (only 5 hours ago)
-
CVE-2025-4886 Critical Security Advisory
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 16:15 UTC (only 6 hours ago)
-
CVE-2025-4885 Exploitable Vulnerability Warning
A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 16:15 UTC (only 6 hours ago)
-
CVE-2025-4884 Severe Cybersecurity Threat
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/assign_save.php. The manipulation of the argument team leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 15:15 UTC (only 7 hours ago)
-
CVE-2025-4883 Severe Cybersecurity Threat
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 7.2/10
๐ฅ Very High Risk
Published on 18 May 2025, 15:15 UTC (only 7 hours ago)
-
CVE-2025-48219 Security Issue Details
O2 UK through 2025-05-17 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229.
Score: 3.5/10
โ ๏ธ Moderate Risk
Published on 18 May 2025, 15:15 UTC (only 7 hours ago)
-
CVE-2025-4882 Critical Security Advisory
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_update.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 14:15 UTC (only 8 hours ago)
-
CVE-2025-4881 Severe Cybersecurity Threat
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user_save.php. The manipulation of the argument username/name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 14:15 UTC (only 8 hours ago)
-
CVE-2025-4880 Exploitable Vulnerability Warning
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 13:15 UTC (only 9 hours ago)
-
CVE-2025-4875 Exploitable Vulnerability Warning
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 13:15 UTC (only 9 hours ago)
-
CVE-2025-4874 Exploitable Vulnerability Warning
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3/10
๐ฅ Very High Risk
Published on 18 May 2025, 12:15 UTC (only 10 hours ago)
What are CVEs?
A Common Vulnerability and Exposure (CVE) is a publicly disclosed cybersecurity flaw
that can be exploited by attackers to compromise software, systems, or networks.
The CVE system is maintained by The CVE Program
and provides a unique identifier for each vulnerability.
CVEs are assigned a severity score using the Common Vulnerability Scoring System (CVSS),
which helps security teams prioritize their response to threats.
Why Tracking CVEs is Important?
Keeping track of the latest CVEs is crucial for organizations and IT security professionals.
Cybercriminals frequently exploit unpatched vulnerabilities to launch ransomware attacks, data breaches, and system takeovers.
By staying updated with the latest threats, companies can apply security patches,
adjust firewall rules, and implement security policies to minimize risks.