Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-28151

    Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller fi... Read more

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025

  • 4.7

    MEDIUM
    CVE-2024-28150

    Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure pe... Read more

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2024-28149

    Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller ... Read more

    Affected Products : html_publisher
    • Published: Mar. 06, 2024
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-28017

    TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-28018

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28019

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28020

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28021

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28022

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-51243

    The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.... Read more

    Affected Products : eladmin
    • Published: Oct. 30, 2024
    • Modified: May. 06, 2025

  • 9.1

    CRITICAL
    CVE-2024-51060

    Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.... Read more

    • Published: Oct. 31, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-40296

    The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.09
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-40293

    The application was vulnerable to a session fixation that could be used hijack accounts. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.09
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.3

    MEDIUM
    CVE-2022-40292

    The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2022-40291

    The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin a... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.10
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2022-40290

    The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.0

    CRITICAL
    CVE-2022-40289

    The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.55
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.0

    CRITICAL
    CVE-2022-40288

    The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.10
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.0

    CRITICAL
    CVE-2022-40287

    The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.10
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 4.8

    MEDIUM
    CVE-2022-3441

    The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : rock_convert
    • EPSS Score: %0.13
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025
Showing 20 of 291608 Results