Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-20047

    In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID: ALPS...

    Affected Products : android mt6781 mt6833 mt6853 mt6877 mt6883 mt6885 mt6893 mt8791 mt8797 +9 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2024-3427

    A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the a...

    Affected Products : online_courseware
    • Published: Apr. 07, 2024
    • Modified: Jan. 17, 2025
  • 5.4

    MEDIUM
    CVE-2021-28656

    Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions....

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025
  • 5.4

    MEDIUM
    CVE-2020-23762

    Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab....

    Affected Products : larsens_calendar
    • EPSS Score: 0.12%
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-20519

    IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

    • EPSS Score: 0.16%
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-30042

    Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php...

    Affected Products : remote_clinic
    • EPSS Score: 0.15%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-3613

    A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/no...

    Affected Products : warehouse_management_system
    • Published: Apr. 11, 2024
    • Modified: Feb. 18, 2025
  • 5.4

    MEDIUM
    CVE-2024-25922

    Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9. ...

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-27970

    Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0. ...

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-30880

    Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping fu...

    Affected Products : rageframe
    • Published: Apr. 11, 2024
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2024-0881

    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX act...

    Affected Products : post_grid
    • Published: Apr. 11, 2024
    • Modified: May. 09, 2025
  • 5.4

    MEDIUM
    CVE-2023-45186

    IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functi...

    Affected Products : sterling_b2b_integrator
    • Published: Apr. 12, 2024
    • Modified: Mar. 07, 2025
  • 5.4

    MEDIUM
    CVE-2024-31279

    Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0. ...

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-28124

    Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field....

    Affected Products : lavalite
    • EPSS Score: 0.26%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35660

    Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page....

    Affected Products : monica
    • EPSS Score: 0.26%
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-2583

    The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS atta...

    Affected Products : shortcodes_ultimate
    • Published: Apr. 13, 2024
    • Modified: May. 12, 2025
  • 5.4

    MEDIUM
    CVE-2023-6067

    The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...

    • Published: Apr. 15, 2024
    • Modified: May. 09, 2025
  • 5.4

    MEDIUM
    CVE-2024-32449

    Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPress. This issue affects RestroPress: from n/a through 3.1.2. ...

    Affected Products : restropress
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-32092

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed. This issue affects Kimili Flash Embed: from n/a through 2.5.3. ...

    Affected Products : kimili_flash_embed
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-32096

    Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro. This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2. ...

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 290940 Results