Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-24399

    Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log i... Read more

    • Published: Jan. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-0709

    A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be i... Read more

    Affected Products : dcat_admin
    • Published: Jan. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4153

    A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. Th... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4154

    A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this issue is some unknown functionality of the file /admin/enrollment-details.php. The manipulation of the argument Status leads... Read more

    Affected Products : pre-school_enrollment_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4155

    A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to sql injection. It is possible to initiate the ... Read more

    Affected Products : boat_booking_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-1749

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher.... Read more

    Affected Products : opencart
    • Published: Feb. 28, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-1748

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register.... Read more

    Affected Products : opencart
    • Published: Feb. 28, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-1747

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login.... Read more

    Affected Products : opencart
    • Published: Feb. 28, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1746

    Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This v... Read more

    Affected Products : opencart
    • Published: Feb. 28, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4156

    A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to sql injection. The attack can be ini... Read more

    Affected Products : boat_booking_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4157

    A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the argument Status leads to sql injection. The attack may b... Read more

    Affected Products : boat_booking_system
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-13569

    The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : front_end_users
    • Published: Apr. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46225

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elementor: from n/a through 1.0.1.... Read more

    Affected Products : post_in_page_for_elementor
    • Published: Apr. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46226

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.... Read more

    Affected Products : mpl-publisher mpl-publisher
    • Published: Apr. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46227

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.... Read more

    Affected Products : custom_related_posts
    • Published: Apr. 22, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13326

    The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : ibuildapp
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-45751

    SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.... Read more

    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-3363

    Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.... Read more

    Affected Products : rdiffweb
    • EPSS Score: %0.10
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-39944

    In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and maliciou... Read more

    Affected Products : linkis
    • EPSS Score: %1.19
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-37202

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list... Read more

    Affected Products : jfinal_cms
    • EPSS Score: %0.46
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025
Showing 20 of 291728 Results