Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6741

    The John MacArthur (aka com.john.macarthur) application 1.0.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : john_macarthur
    • EPSS Score: %0.04
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-37207

    Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2014-6854

    The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : eyexam
    • EPSS Score: %0.04
    • Published: Oct. 01, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6861

    The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craf... Read more

    Affected Products : terrarienbilder.com_forum
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6865

    The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application 1.3.14.254 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat... Read more

    Affected Products : jamal_bates_show
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7994

    Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the ... Read more

    • EPSS Score: %0.15
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-0820

    The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : jobs_for_wordpress
    • Published: Mar. 18, 2024
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-0871

    The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to ins... Read more

    • Published: Mar. 13, 2024
    • Modified: Jan. 02, 2025

  • 5.4

    MEDIUM
    CVE-2025-24750

    Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.... Read more

    Affected Products : exactmetrics
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2023-26954

    onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.... Read more

    Affected Products : onekeyadmin onekeyadmin
    • EPSS Score: %0.08
    • Published: Mar. 07, 2023
    • Modified: Mar. 06, 2025

  • 5.4

    MEDIUM
    CVE-2014-6758

    The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif... Read more

    Affected Products : qin_story
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-1849

    The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL... Read more

    Affected Products : wp_customer_reviews
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2014-6761

    The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ... Read more

    Affected Products : aprende_a_meditar
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-37125

    A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : seacms
    • EPSS Score: %0.08
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-37483

    Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-37502

    Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3.... Read more

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-0581

    A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scr... Read more

    Affected Products : school_management_software
    • Published: Jan. 20, 2025
    • Modified: Jan. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-2797

    The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it poss... Read more

    Affected Products : woffice
    • Published: Apr. 04, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-10584

    The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escapin... Read more

    Affected Products : directorypress
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024

  • 5.4

    MEDIUM
    CVE-2014-6880

    The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : tradehero
    • EPSS Score: %0.04
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292321 Results