Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-32335

    TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.... Read more

    Affected Products : n300rt_firmware n300rt
    • Published: Apr. 18, 2024
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2014-6913

    The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : dive_the_world
    • EPSS Score: %0.04
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-3818

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input saniti... Read more

    Affected Products : essential_blocks
    • Published: Apr. 19, 2024
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2014-6940

    The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inform... Read more

    Affected Products : absolute_lending_solutions
    • EPSS Score: %0.04
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6942

    The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c... Read more

    Affected Products : alisha_marie
    • EPSS Score: %0.04
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-38626

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ... Read more

    Affected Products : apex_central
    • EPSS Score: %0.15
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-6970

    The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific... Read more

    Affected Products : north_american_ismaili_games
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6973

    The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : care4kids
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-44361

    An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.... Read more

    Affected Products : zzcms
    • EPSS Score: %0.08
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2014-6988

    The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : quotes_in_images
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-51656

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2014-6994

    The Atecea (aka com.atecea) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : atecea
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7011

    The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : nwtc_mobile
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7012

    The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : coffee_inn
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7016

    The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : mahasna_batik
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7018

    The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : love_dance
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-38971

    Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.... Read more

    Affected Products : badaso
    • EPSS Score: %0.33
    • Published: Aug. 29, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-42550

    A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Oct. 30, 2024

  • 5.4

    MEDIUM
    CVE-2014-7026

    The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate... Read more

    Affected Products : life_time_fitness
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-44631

    Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions.... Read more

    Affected Products : 1app_business_forms
    • EPSS Score: %0.07
    • Published: Apr. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results