Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-7718

    The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : travel\+leisure
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7879

    Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page... Read more

    Affected Products : stickynote
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2021-24558

    The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, ... Read more

    Affected Products : project_status
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1653

    IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia... Read more

    Affected Products : security_access_manager
    • Published: Dec. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-35482

    SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.... Read more

    Affected Products : serv-u
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-16631

    Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.... Read more

    Affected Products : subrion_cms
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2969

    The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticat... Read more

    Affected Products : wp-eggdrop
    • Published: Mar. 29, 2024
    • Modified: May. 19, 2025

  • 5.4

    MEDIUM
    CVE-2014-6954

    The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craft... Read more

    Affected Products : deer_hunting_calls_\+_guide
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-4140

    IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    Affected Products : security_siteprotector_system
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5722

    The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif... Read more

    Affected Products : swiftkey_keyboard_\+_emoji
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-8594

    The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].... Read more

    Affected Products : ninja_forms
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5710

    The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a ... Read more

    Affected Products : cisco_class_locator_fast_lane
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6001

    The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : gewara
    • Published: Sep. 22, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5923

    The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : facebook_status_via
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-10580

    The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.... Read more

    Affected Products : latest_posts_on_profile
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5900

    The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : myhomework_student_planner
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5851

    The Dark Summoner (aka com.darksummoner) application 1.03.39 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : dark_summoner
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5574

    The Ask.fm - Social Q&A Network (aka com.askfm) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ask.fm-social_q\&a_network
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5803

    The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : towers_n\'_trolls
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2017-1345

    IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : insights_foundation_for_energy
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292826 Results