Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6679

    The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi... Read more

    Affected Products : wepisdparentportal
    • EPSS Score: %0.04
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6712

    The Airlines International (aka org.iata.IAMagazine) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : airlines_international
    • EPSS Score: %0.04
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-28002

    A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by us... Read more

    Affected Products : textpattern
    • EPSS Score: %0.23
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6718

    The My Mobile Day (aka com.mymobileday) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : my_mobile_day
    • EPSS Score: %0.04
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6719

    The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert... Read more

    Affected Products : kayak_angler_magazine
    • EPSS Score: %0.04
    • Published: Sep. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6742

    The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : all_around_cyprus
    • EPSS Score: %0.04
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-7791

    A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site s... Read more

    • Published: Jul. 18, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2021-28114

    Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.... Read more

    Affected Products : froala_editor
    • EPSS Score: %0.57
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42485

    Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions.... Read more

    Affected Products : gallery_with_thumbnail_slider
    • EPSS Score: %0.11
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6853

    The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craft... Read more

    • EPSS Score: %0.22
    • Published: Oct. 01, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-37308

    The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products : cooked
    • Published: Jun. 13, 2024
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2014-6862

    The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : artacces
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-28378

    Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.... Read more

    Affected Products : gitea
    • EPSS Score: %12.92
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-31698

    Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self... Read more

    Affected Products : bludit
    • EPSS Score: %0.35
    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-36312

    There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.... Read more

    Affected Products : callback_widget
    • EPSS Score: %0.08
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-31757

    DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'... Read more

    Affected Products : dedecms
    • EPSS Score: %0.07
    • Published: May. 19, 2023
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-31779

    Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.... Read more

    Affected Products : wekan
    • EPSS Score: %0.20
    • Published: May. 22, 2023
    • Modified: Jan. 28, 2025

  • 5.4

    MEDIUM
    CVE-2014-6867

    The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : sortir_en_alsace
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-37415

    Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2014-6753

    The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : sunnat_e_rasool
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291275 Results