Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-32341

    Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.... Read more

    Affected Products : wondercms
    • Published: Apr. 17, 2024
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-32446

    Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce.This issue affects Wallet System for WooCommerce: from n/a through 2.5.9. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-31881

    Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9.... Read more

    Affected Products : pearl_header_builder
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025

  • 5.4

    MEDIUM
    CVE-2023-50344

    HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. ... Read more

    Affected Products : dryice_myxalytics
    • EPSS Score: %0.20
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.4

    MEDIUM
    CVE-2014-6721

    The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : pharmaguideline
    • EPSS Score: %1.15
    • Published: Sep. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6723

    The Comics Plus (aka com.iversecomics.comicsplus.android) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat... Read more

    Affected Products : comics_plus
    • EPSS Score: %0.04
    • Published: Sep. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-3387

    A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. T... Read more

    Affected Products : renren-security
    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-5087

    The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.... Read more

    Affected Products : pagelayer
    • EPSS Score: %0.23
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-50952

    IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. ... Read more

    Affected Products : infosphere_information_server
    • Published: Jun. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-7135

    A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the in... Read more

    Affected Products : record_management_system
    • EPSS Score: %0.13
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-33111

    D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.... Read more

    Affected Products : dir-845l_firmware dir-845l
    • Published: May. 06, 2024
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2021-24415

    The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which w... Read more

    Affected Products : polo_video_gallery
    • EPSS Score: %0.18
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6752

    The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c... Read more

    Affected Products : mindless_behavior_fan_base
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-24443

    The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, ... Read more

    Affected Products : youzify
    • EPSS Score: %0.21
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24494

    The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can... Read more

    Affected Products : wp_offload_ses_lite
    • EPSS Score: %0.46
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36527

    Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.... Read more

    Affected Products : jfinal_cms
    • EPSS Score: %0.10
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24538

    The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting... Read more

    Affected Products : current_book
    • EPSS Score: %0.26
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6775

    The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : light_for_pets
    • EPSS Score: %0.04
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-0557

    A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The ... Read more

    Affected Products : dedebiz
    • EPSS Score: %0.06
    • Published: Jan. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1938

    The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the pl... Read more

    Affected Products : awin_data_feed
    • EPSS Score: %0.72
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291058 Results