Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6763

    The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information v... Read more

    Affected Products : codename_birdgame
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-3752

    The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : crelly_slider
    • Published: May. 06, 2024
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-43481

    Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.... Read more

    Affected Products : advanced_coupons
    • EPSS Score: %0.06
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-30056

    Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.... Read more

    Affected Products : knowage
    • EPSS Score: %0.21
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-10583

    The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insuff... Read more

    Affected Products : popup_maker
    • Published: Dec. 12, 2024
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2021-28935

    CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.23
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6884

    The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... Read more

    Affected Products : ford_credit_account_manager
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6887

    The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : express express
    • EPSS Score: %0.04
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-37675

    Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file.... Read more

    Affected Products : docubase
    • Published: Jun. 21, 2024
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-25605

    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.... Read more

    Affected Products : wp-downloadmanager
    • EPSS Score: %0.18
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-32069

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32071

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString()This issue affects Mediawiki - Wikidata Extension: from 1.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-37764

    MachForm up to version 19 is affected by an authenticated stored cross-site scripting.... Read more

    Affected Products : machform
    • Published: Jul. 01, 2024
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2014-6899

    The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : jazeera_airways
    • EPSS Score: %0.04
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-11050

    A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to ... Read more

    Affected Products : hotel_broadband_operating_system
    • Published: Nov. 10, 2024
    • Modified: Nov. 23, 2024

  • 5.4

    MEDIUM
    CVE-2022-43721

    An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions ... Read more

    Affected Products : superset
    • EPSS Score: %0.18
    • Published: Jan. 16, 2023
    • Modified: Apr. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-33287

    A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables.... Read more

    Affected Products : inline_table_editing
    • EPSS Score: %0.10
    • Published: May. 31, 2023
    • Modified: Jan. 10, 2025

  • 5.4

    MEDIUM
    CVE-2014-6904

    The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : safe_browser_-_the_web_filter
    • EPSS Score: %0.04
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4401

    A vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier o... Read more

    • EPSS Score: %0.06
    • Published: Dec. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6936

    The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ids_2013
    • EPSS Score: %0.04
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291385 Results