Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-6703

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to ... Read more

    Affected Products : contact_form
    • Published: Jul. 27, 2024
    • Modified: Feb. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-26289

    IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache... Read more

    Affected Products : aspera_orchestrator
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-7284

    A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross s... Read more

    Affected Products : lot_reservation_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-6408

    The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : slider
    • Published: Jul. 31, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-6725

    The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insuffi... Read more

    • Published: Jul. 31, 2024
    • Modified: Feb. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-7303

    A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argu... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-41955

    Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.... Read more

    Affected Products : mobile_security_framework
    • Published: Jul. 31, 2024
    • Modified: Aug. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-7300

    A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross ... Read more

    Affected Products : bolt
    • Published: Jul. 31, 2024
    • Modified: Feb. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-39837

    Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 01, 2024
    • Modified: Sep. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-6710

    The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : ditty
    • Published: Aug. 05, 2024
    • Modified: Sep. 05, 2024

  • 5.4

    MEDIUM
    CVE-2024-41816

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output es... Read more

    Affected Products : cooked
    • Published: Aug. 05, 2024
    • Modified: Feb. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-7621

    The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-7683

    A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripti... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7733

    A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products : fastcms fastcms
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-7749

    A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting.... Read more

    • Published: Aug. 13, 2024
    • Modified: Nov. 22, 2024

  • 5.4

    MEDIUM
    CVE-2023-41844

    A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4... Read more

    Affected Products : fortisandbox
    • EPSS Score: %0.44
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-7812

    A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The ma... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-7852

    A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross... Read more

    • Published: Aug. 16, 2024
    • Modified: Aug. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-25837

    A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section.... Read more

    Affected Products : october
    • Published: Aug. 16, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-42758

    A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page... Read more

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 19, 2024
Showing 20 of 291275 Results