Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-7796

    The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : house365_radio
    • EPSS Score: %0.04
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6827

    The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : dk_online_beta
    • EPSS Score: %0.04
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4664

    The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Sto... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • EPSS Score: %0.35
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2014-6842

    The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c... Read more

    Affected Products : daily_advertiser_print
    • EPSS Score: %0.04
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-42054

    Cervantes through 0.5-alpha accepts insecure file uploads.... Read more

    Affected Products : cervantes
    • Published: Jul. 28, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6847

    The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate... Read more

    Affected Products : horoscopes_and_dreams
    • EPSS Score: %0.04
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4676

    The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : openstreetmap
    • EPSS Score: %0.10
    • Published: May. 30, 2023
    • Modified: Jan. 09, 2025

  • 5.4

    MEDIUM
    CVE-2014-6852

    The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ledline.gr_official
    • EPSS Score: %0.04
    • Published: Oct. 01, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4678

    The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to p... Read more

    Affected Products : templatesnext_toolkit
    • EPSS Score: %0.32
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-37124

    A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : seacms
    • EPSS Score: %0.08
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-37132

    A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.08
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-2699

    A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. T... Read more

    Affected Products : contenttools contenttools contenttools
    • Published: Mar. 24, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-42918

    itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO paramet... Read more

    • Published: Aug. 23, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-46965

    The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-1590

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output esca... Read more

    Affected Products : pagelayer
    • Published: Feb. 23, 2024
    • Modified: Jan. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-3239

    The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo... Read more

    Affected Products : postx
    • Published: May. 14, 2024
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-4372

    The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks... Read more

    Affected Products : carousel_slider
    • Published: May. 21, 2024
    • Modified: Apr. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-42473

    S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. ... Read more

    Affected Products : s\/4hana
    • EPSS Score: %0.15
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2692

    A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name... Read more

    Affected Products : wedding_hall_booking_system
    • EPSS Score: %0.31
    • Published: Aug. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-1972

    A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scrip... Read more

    Affected Products : online_job_portal
    • Published: Feb. 28, 2024
    • Modified: Dec. 10, 2024
Showing 20 of 291401 Results