Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6669

    The Inside Crochet (aka com.magazinecloner.insidecrochet) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi... Read more

    Affected Products : inside_crochet
    • EPSS Score: %0.04
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-9320

    A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the component Add Timesheet Form. The manipulation of the argument ... Read more

    Affected Products : online_timesheet_app
    • Published: Sep. 29, 2024
    • Modified: Oct. 01, 2024

  • 5.4

    MEDIUM
    CVE-2014-6677

    The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific... Read more

    Affected Products : ticket_round_up
    • EPSS Score: %0.04
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6697

    The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : morocco_weather
    • EPSS Score: %0.04
    • Published: Sep. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6706

    The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : embry-riddle
    • EPSS Score: %0.04
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-27989

    Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.... Read more

    Affected Products : appspace
    • EPSS Score: %0.18
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6731

    The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : alfa-bank
    • EPSS Score: %0.04
    • Published: Sep. 26, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-23576

    Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.... Read more

    Affected Products : neon
    • EPSS Score: %0.21
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-38740

    Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2023-36526

    Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2... Read more

    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2025-24437

    Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2023-26951

    onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.... Read more

    Affected Products : onekeyadmin
    • EPSS Score: %0.08
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-24604

    Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2023-32593

    Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7.... Read more

    Affected Products : gs_pinterest_portfolio
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-37257

    DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.... Read more

    Affected Products : dataease
    • EPSS Score: %0.45
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-32669

    Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).... Read more

    Affected Products : buddyboss
    • EPSS Score: %0.05
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6892

    The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : kalahari.com_shopping
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-3319

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14. ... Read more

    Affected Products : platplay_ds
    • EPSS Score: %0.10
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-3965

    A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The... Read more

    Affected Products : paicoding
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2020-4252

    IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... Read more

    • EPSS Score: %0.16
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results