Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-8703

    The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs.... Read more

    Affected Products : z-downloads
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-9709

    The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : ekc_tournament_manager
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-9711

    The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : ekc_tournament_manager
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-9765

    The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory... Read more

    Affected Products : ekc_tournament_manager
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-0687

    The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthe... Read more

    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-4892

    A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of t... Read more

    • Published: May. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-0688

    The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthe... Read more

    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-4889

    A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffe... Read more

    Affected Products : tourism_management_system
    • Published: May. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-4888

    A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has t... Read more

    Affected Products : pharmacy_management_system
    • Published: May. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-4745

    A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name lea... Read more

    Affected Products : employee_record_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2024-7774

    A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. ... Read more

    Affected Products : langchain langchain.js
    • Published: Oct. 29, 2024
    • Modified: May. 28, 2025

  • 4.8

    MEDIUM
    CVE-2025-3996

    A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads ... Read more

    Affected Products : n150rt_firmware n150rt
    • Published: Apr. 28, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2812

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).... Read more

    Affected Products : ticket_sales_automation
    • Published: May. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2022-41254

    Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credenti... Read more

    Affected Products : cons3rt
    • EPSS Score: %0.39
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2022-41253

    A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials ... Read more

    Affected Products : cons3rt
    • EPSS Score: %0.08
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2022-41252

    Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : cons3rt
    • EPSS Score: %0.43
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2022-41251

    A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : apprenda
    • EPSS Score: %0.43
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2022-41245

    A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, captur... Read more

    Affected Products : worksoft_execution_manager
    • EPSS Score: %0.20
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.1

    HIGH
    CVE-2022-41244

    Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.... Read more

    Affected Products : view26_test-reporting
    • EPSS Score: %0.09
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 8.1

    HIGH
    CVE-2022-41243

    Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.... Read more

    Affected Products : smalltest
    • EPSS Score: %0.09
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
Showing 20 of 291779 Results