Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-41239

    Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : dotci
    • EPSS Score: %7.00
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-41237

    Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.... Read more

    Affected Products : dotci
    • EPSS Score: %1.13
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2022-41236

    A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL wit... Read more

    Affected Products : security_inspector
    • EPSS Score: %0.08
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.3

    MEDIUM
    CVE-2022-41235

    Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.... Read more

    Affected Products : wildfly_deployer
    • EPSS Score: %0.48
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2022-41234

    Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.... Read more

    Affected Products : rundeck
    • EPSS Score: %0.23
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2022-41233

    Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts p... Read more

    Affected Products : rundeck
    • EPSS Score: %0.43
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.0

    HIGH
    CVE-2022-41232

    A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoi... Read more

    Affected Products : build-publisher
    • EPSS Score: %0.11
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.7

    MEDIUM
    CVE-2022-41231

    Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.... Read more

    Affected Products : build-publisher
    • EPSS Score: %0.09
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2022-41230

    Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as wel... Read more

    Affected Products : build-publisher
    • EPSS Score: %0.43
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41229

    Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi... Read more

    • EPSS Score: %5.71
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-3249

    A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. Th... Read more

    Affected Products : a6000r_firmware a6000r
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-34257

    TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: May. 08, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-2050

    A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql... Read more

    • Published: Mar. 07, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-39498

    Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds (Premium): from n/a through 1.7.1.... Read more

    Affected Products :
    • Published: May. 26, 2025
    • Modified: May. 28, 2025

  • 9.3

    CRITICAL
    CVE-2025-4009

    The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-41649

    An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service

  • 9.6

    CRITICAL
    CVE-2025-5277

    aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2025-5287

    The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-48054

    Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify th... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-4134

    Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
Showing 20 of 291756 Results