Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-5793

    A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads t... Read more

    Affected Products : fluisity flusity
    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-4888

    The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craf... Read more

    Affected Products : battlefriends_at_sea_gold
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-3612

    A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads t... Read more

    Affected Products : warehouse_management_system
    • Published: Apr. 11, 2024
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2024-1171

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 du... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Feb. 29, 2024
    • Modified: Jan. 08, 2025

  • 5.4

    MEDIUM
    CVE-2024-37803

    Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the S... Read more

    • Published: Jun. 18, 2024
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2021-22524

    Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4... Read more

    Affected Products : access_manager netiq_access_manager
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37250

    Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.... Read more

    Affected Products : craft_cms
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-38507

    In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible... Read more

    Affected Products : hub
    • Published: Jun. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-38503

    When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Request... Read more

    Affected Products : syncope
    • Published: Jul. 22, 2024
    • Modified: Dec. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-39094

    Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.... Read more

    Affected Products : friendica
    • Published: Aug. 20, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2014-6909

    The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application 2.0.41716 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ... Read more

    Affected Products : coca-cola_fm_peru
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-7136

    A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the arg... Read more

    Affected Products : record_management_system
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3971

    The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack... Read more

    Affected Products : similarity
    • Published: Jun. 14, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2020-29145

    In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session h... Read more

    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20781

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of a... Read more

    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20802

    A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validatio... Read more

    Affected Products : enterprise_chat_and_email
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-3794

    The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional c... Read more

    Affected Products : jeg_elementor_kit
    • Published: Dec. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2071

    A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question ... Read more

    Affected Products : faq_management_system
    • Published: Mar. 01, 2024
    • Modified: Dec. 31, 2024

  • 5.4

    MEDIUM
    CVE-2024-4293

    A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fr... Read more

    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-1213

    The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_ac... Read more

    Affected Products : easy_social_feed
    • Published: Mar. 21, 2024
    • Modified: Jan. 29, 2025
Showing 20 of 293602 Results