Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-0736

    Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.... Read more

    Affected Products : wallabag
    • EPSS Score: %0.16
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0717

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscrib... Read more

    Affected Products : wicked_folders
    • EPSS Score: %0.06
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0720

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subs... Read more

    Affected Products : wicked_folders
    • EPSS Score: %0.05
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0724

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated... Read more

    Affected Products : wicked_folders
    • EPSS Score: %0.09
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-52377

    Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and trac... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025

  • 5.4

    MEDIUM
    CVE-2025-48167

    Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-54038

    Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.6.... Read more

    Affected Products : restaurant_menu
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025

  • 5.4

    MEDIUM
    CVE-2024-42912

    A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue (Data Center) before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025

  • 5.4

    MEDIUM
    CVE-2022-45724

    Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then p... Read more

    Affected Products : cf-wr610n_firmware cf-wr610n
    • EPSS Score: %0.08
    • Published: Feb. 13, 2023
    • Modified: Mar. 24, 2025

  • 5.4

    MEDIUM
    CVE-2023-0379

    The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Sto... Read more

    Affected Products : spotlight_social_feeds
    • EPSS Score: %0.24
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-25572

    react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React a... Read more

    Affected Products : ra-ui-materialui react-admin
    • EPSS Score: %0.91
    • Published: Feb. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-46102

    Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via the URL parameter... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 5.4

    MEDIUM
    CVE-2025-46732

    OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation... Read more

    Affected Products : opencti
    • Published: Jul. 18, 2025
    • Modified: Aug. 05, 2025

  • 5.4

    MEDIUM
    CVE-2021-40555

    Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.... Read more

    Affected Products : flatcore-cms flatcore
    • EPSS Score: %0.08
    • Published: Feb. 16, 2023
    • Modified: Mar. 19, 2025

  • 5.4

    MEDIUM
    CVE-2025-51397

    A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-4622

    The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : login_logout_menu
    • EPSS Score: %0.10
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4784

    The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : hueman_addons
    • EPSS Score: %0.12
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2023-0380

    The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform S... Read more

    Affected Products : easy_digital_downloads
    • EPSS Score: %0.11
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-46996

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-46786

    SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).... Read more

    Affected Products : dashboard_server
    • EPSS Score: %0.36
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results