Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-11636

    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilte... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Jan. 13, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-29154

    HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspecti... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-25454

    Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.... Read more

    Affected Products : bento4
    • EPSS Score: %0.02
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2024-25407

    SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.... Read more

    Affected Products : steve steve
    • EPSS Score: %0.17
    • Published: Feb. 13, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-25302

    Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.... Read more

    Affected Products : event_student_attendance_system
    • EPSS Score: %0.18
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-25003

    KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code exe... Read more

    Affected Products : kitty
    • EPSS Score: %0.55
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-24350

    File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.... Read more

    Affected Products : e-sic_livre
    • EPSS Score: %1.87
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 4.2

    MEDIUM
    CVE-2024-24255

    A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.... Read more

    Affected Products : px4_drone_autopilot
    • EPSS Score: %0.04
    • Published: Feb. 06, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24216

    Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.... Read more

    Affected Products : zentao
    • EPSS Score: %6.84
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24186

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.... Read more

    Affected Products : jsish
    • EPSS Score: %1.08
    • Published: Feb. 07, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24112

    xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.... Read more

    Affected Products : xmall
    • EPSS Score: %81.13
    • Published: Feb. 06, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24003

    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can con... Read more

    Affected Products : jsherp
    • EPSS Score: %0.10
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-22515

    Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.... Read more

    Affected Products : agent_dvr
    • EPSS Score: %10.17
    • Published: Feb. 06, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-22012

    there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2024
    • Modified: May. 08, 2025

  • 5.1

    MEDIUM
    CVE-2023-33770

    Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php.... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2022-43435

    Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : 360_fireline
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43434

    Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : neuvector_vulnerability_scanner
    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43433

    Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : screenrecorder
    • EPSS Score: %0.22
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43432

    Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : xframium_builder
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43431

    Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : compuware_strobe_measurement
    • EPSS Score: %0.14
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
Showing 20 of 291717 Results