Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-33215

    Missing Authorization vulnerability in Tagbox Taggbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through 3.3.... Read more

    Affected Products : taggbox
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-32581

    Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-35046

    Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-31456

    There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user.... Read more

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-29376

    An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.... Read more

    Affected Products : sitefinity
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2019-15814

    Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.... Read more

    Affected Products : sentrifugo sentrifugo
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-4649

    Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.... Read more

    Affected Products : instantcms icms2
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46475

    A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.... Read more

    Affected Products : zentao
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19206

    Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0705

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.... Read more

    Affected Products : pimcore
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-30921

    Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component.... Read more

    Affected Products : derbynet
    • Published: Apr. 18, 2024
    • Modified: Apr. 15, 2025

  • 5.4

    MEDIUM
    CVE-2015-5613

    Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.... Read more

    Affected Products : october
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-6749

    The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte... Read more

    Affected Products : american_nurses_association
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6764

    The Assyrian (aka com.b2.assyrian.activity) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : assyrian
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-1394

    Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted... Read more

    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-13869

    An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.... Read more

    Affected Products : comments
    • Published: Jun. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6896

    The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : yik_yak
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-24204

    SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-35134

    Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : iot_platform
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2022-35221

    Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocat... Read more

    Affected Products : team\+_pro
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293414 Results