Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV catalogue), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2022-3360

    The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To succes...

    Affected Products : learnpress
    • EPSS Score: 11.51%
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025
  • 8.8

    HIGH
    CVE-2022-3357

    The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file, and a suitable gadget chain is present on the sit...

    Affected Products : smart_slider_3
    • EPSS Score: 12.83%
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025
  • 4.7

    MEDIUM
    CVE-2024-45967

    Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget....

    Affected Products : pagekit
    • Published: Oct. 01, 2024
    • Modified: May. 06, 2025
  • 8.1

    HIGH
    CVE-2024-47806

    Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins....

    • Published: Oct. 02, 2024
    • Modified: May. 06, 2025
  • 8.1

    HIGH
    CVE-2024-47807

    Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins....

    • Published: Oct. 02, 2024
    • Modified: May. 06, 2025
  • 9.8

    CRITICAL
    CVE-2024-48581

    File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component....

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 06, 2025
  • 8.8

    HIGH
    CVE-2024-48594

    File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component....

    • Published: Oct. 28, 2024
    • Modified: May. 06, 2025
  • 7.8

    HIGH
    CVE-2023-4911

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching b...

    • Actively Exploited
    • EPSS Score: 77.18%
    • Published: Oct. 03, 2023
    • Modified: May. 06, 2025
  • 10.0

    CRITICAL
    CVE-2025-31324

    SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the ...

    Affected Products : netweaver
    • Actively Exploited
    • Published: Apr. 24, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2024-28151

    Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller fi...

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025
  • 4.7

    MEDIUM
    CVE-2024-28150

    Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure pe...

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2024-28149

    Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller ...

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025
  • 6.5

    MEDIUM
    CVE-2025-28017

    TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter....

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection
  • 7.3

    HIGH
    CVE-2025-28018

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter....

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-28019

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component...

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-28020

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter....

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-28021

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters...

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-28022

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter....

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2024-51243

    The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java....

    Affected Products : eladmin
    • Published: Oct. 30, 2024
    • Modified: May. 06, 2025
  • 9.1

    CRITICAL
    CVE-2024-51060

    Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter....

    • Published: Oct. 31, 2024
    • Modified: May. 06, 2025
Showing 20 of 291368 Results