Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-26128

    baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability....

    Affected Products : basercms
    • Published: Feb. 22, 2024
    • Modified: Dec. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-27087

    Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit ...

    Affected Products : kirby
    • Published: Feb. 26, 2024
    • Modified: Dec. 31, 2024
  • 5.4

    MEDIUM
    CVE-2024-24099

    Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update....

    Affected Products : scholars_tracking_system
    • Published: Feb. 27, 2024
    • Modified: Apr. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-1687

    The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including...

    • Published: Feb. 27, 2024
    • Modified: Jan. 15, 2025
  • 5.4

    MEDIUM
    CVE-2023-48679

    Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391....

    Affected Products : linux_kernel windows cyber_protect
    • Published: Feb. 27, 2024
    • Modified: Feb. 06, 2025
  • 5.4

    MEDIUM
    CVE-2024-26450

    An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's da...

    Affected Products : piwigo
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-1218

    The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and in...

    Affected Products : kali_forms contact_form_builder
    • Published: Feb. 29, 2024
    • Modified: Jan. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-1340

    The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authent...

    Affected Products : wp_login_lockdown
    • Published: Feb. 29, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-1341

    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources throug...

    Affected Products : advanced_iframe
    • Published: Feb. 29, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-27949

    Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. ...

    Affected Products : sirv
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-27140

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a...

    Affected Products : archiva
    • Published: Mar. 01, 2024
    • Modified: May. 28, 2025
  • 5.4

    MEDIUM
    CVE-2023-49976

    A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket....

    Affected Products : customer_support_system
    • Published: Mar. 06, 2024
    • Modified: Mar. 28, 2025
  • 5.4

    MEDIUM
    CVE-2022-3853

    Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application....

    Affected Products : supra-csv-parser
    • EPSS Score: 0.08%
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2024-28339

    An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required....

    • Published: Mar. 12, 2024
    • Modified: May. 27, 2025
  • 5.4

    MEDIUM
    CVE-2023-6957

    The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for atta...

    Affected Products : contact_form fluent_forms
    • Published: Mar. 13, 2024
    • Modified: Apr. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-1606

    Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a...

    Affected Products : control-m
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-1785

    The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for una...

    Affected Products :
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-7246

    The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...

    Affected Products : system_dashboard
    • Published: Mar. 20, 2024
    • Modified: May. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-2538

    The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authentica...

    Affected Products : permalink_manager_lite
    • Published: Mar. 20, 2024
    • Modified: Feb. 05, 2025
  • 5.4

    MEDIUM
    CVE-2024-29419

    There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013....

    Affected Products : x2000r_firmware x2000r
    • Published: Mar. 20, 2024
    • Modified: Mar. 27, 2025
Showing 20 of 291335 Results