Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-27930

    Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code ... Read more

    Affected Products : irisnext
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-31613

    BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."... Read more

    Affected Products : bosscms
    • Published: Jun. 10, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2014-6699

    The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : weather_channel
    • Published: Sep. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6700

    The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application 4.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif... Read more

    Affected Products : nba_game_time_2013-2014
    • Published: Sep. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6734

    The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate... Read more

    Affected Products : wine_making
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6744

    The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : al-ahsa_news
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-28054

    An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.... Read more

    Affected Products : centreon
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-35284

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.... Read more

    Affected Products : micontact_center_business
    • Published: May. 29, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-0226

    Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.... Read more

    Affected Products : seeker
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-4094

    The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : simple_share_buttons_adder
    • Published: Jun. 18, 2024
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-2040

    The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : brizy-page_builder brizy
    • Published: Jun. 27, 2022
    • Modified: Jan. 16, 2025

  • 5.4

    MEDIUM
    CVE-2022-24869

    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may... Read more

    Affected Products : glpi
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3192

    Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.... Read more

    Affected Products : froxlor
    • Published: Jun. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42993

    Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.... Read more

    Affected Products : password_storage_application
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-22696

    Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-22888

    Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser.... Read more

    Affected Products :
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2014-6760

    The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : harem_thief_dating
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-25145

    Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-25958

    Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.... Read more

    Affected Products : phpcms
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2023-37304

    An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.... Read more

    Affected Products : mediawiki
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293562 Results