Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-3426

    A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. Th... Read more

    Affected Products : online_courseware
    • Published: Apr. 07, 2024
    • Modified: Jan. 17, 2025

  • 5.4

    MEDIUM
    CVE-2024-40690

    IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    Affected Products : infosphere_information_server
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-11675

    A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Det... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 5.4

    MEDIUM
    CVE-2014-6972

    The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : kazakhstan_radio
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-11841

    The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to p... Read more

    Affected Products : tithe.ly_giving_button
    • Published: Dec. 16, 2024
    • Modified: May. 17, 2025

  • 5.4

    MEDIUM
    CVE-2022-38256

    TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : tastyigniter
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-4410

    The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wi... Read more

    Affected Products :
    • Published: Jul. 27, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-1333

    The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and ab... Read more

    Affected Products : responsive_pricing_table
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-23191

    Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack ... Read more

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-13541

    The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible f... Read more

    Affected Products : adirectory
    • Published: Feb. 12, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2022-21398

    Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attac... Read more

    Affected Products : communications_operations_monitor
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-24397

    Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.... Read more

    Affected Products : dashboards.js
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-1775

    The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output es... Read more

    Affected Products : nextend_social_login
    • Published: Mar. 02, 2024
    • Modified: Jan. 16, 2025

  • 5.4

    MEDIUM
    CVE-2024-24705

    Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. ... Read more

    Affected Products : accessibility
    • Published: Feb. 28, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7330

    The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : xtendcu_mobile
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-39207

    Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files... Read more

    Affected Products : onedev
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5535

    The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific... Read more

    Affected Products : baby_get_up_-_kids_care
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5551

    The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio... Read more

    Affected Products : alphabet_\&_spelling_kids_games
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-25935

    In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable... Read more

    Affected Products : opennms horizon meridian
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-21734

    SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. ... Read more

    Affected Products : marketing
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292802 Results