Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-24112

    xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.... Read more

    Affected Products : xmall
    • EPSS Score: %81.13
    • Published: Feb. 06, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24003

    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can con... Read more

    Affected Products : jsherp
    • EPSS Score: %0.10
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-22515

    Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.... Read more

    Affected Products : agent_dvr
    • EPSS Score: %10.17
    • Published: Feb. 06, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2024-22012

    there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2024
    • Modified: May. 08, 2025

  • 5.1

    MEDIUM
    CVE-2023-33770

    Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php.... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2022-43435

    Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : 360_fireline
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43434

    Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : neuvector_vulnerability_scanner
    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43433

    Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : screenrecorder
    • EPSS Score: %0.22
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43432

    Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : xframium_builder
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43431

    Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : compuware_strobe_measurement
    • EPSS Score: %0.14
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-43430

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : compuware_topaz_for_total_test
    • EPSS Score: %0.26
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-43429

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file ... Read more

    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43428

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the... Read more

    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43427

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : compuware_topaz_for_total_test
    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43426

    Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products : s3_explorer
    • EPSS Score: %0.14
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-43425

    Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attacke... Read more

    Affected Products : custom_checkbox_parameter
    • EPSS Score: %3.71
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43423

    Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Jav... Read more

    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43422

    Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenk... Read more

    Affected Products : jenkins compuware_topaz_utilities
    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43421

    A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.... Read more

    Affected Products : tuleap_git_branch_source
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-43420

    Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to contr... Read more

    • EPSS Score: %7.56
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
Showing 20 of 291737 Results