Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2018-1541

    IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.16
    • Published: Oct. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6759

    The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi... Read more

    Affected Products : downton_abbey_fan_portal
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7590

    The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : webpromoexperts
    • EPSS Score: %0.04
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7486

    Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web scr... Read more

    • EPSS Score: %0.13
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5652

    The Kicksend Photo Prints (aka com.kicksend.android.print) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific... Read more

    Affected Products : kicksend_photo_prints
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5651

    The Kicksend: Share & Print Photos (aka com.kicksend.android) application 3.3.2.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce... Read more

    Affected Products : kicksend\
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-19204

    An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated W... Read more

    Affected Products : ipfire
    • EPSS Score: %0.32
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1817

    A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="aler... Read more

    • EPSS Score: %0.19
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-7108

    The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.... Read more

    Affected Products : learndash
    • EPSS Score: %1.45
    • Published: Jan. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6883

    The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifica... Read more

    Affected Products : cnnmoney_portfolio_for_stocks
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7463

    The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : im5_fans_planet
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-31262

    Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7373

    The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : inspire_weddings
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7374

    The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific... Read more

    Affected Products : spin_-_motion_comic
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-47314

    Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files... Read more

    Affected Products : headwind_mdm
    • EPSS Score: %0.08
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-2349

    A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is pos... Read more

    • EPSS Score: %0.07
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7456

    The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : digit_magazine
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7544

    The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via ... Read more

    Affected Products : secret_city_-_motion_comic
    • EPSS Score: %0.04
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-27775

    A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload.... Read more

    Affected Products : livesp
    • EPSS Score: %0.87
    • Published: Apr. 12, 2023
    • Modified: Feb. 08, 2025

  • 5.4

    MEDIUM
    CVE-2019-13936

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions ... Read more

    Affected Products : polarion
    • EPSS Score: %0.40
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292516 Results