Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6710

    The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer... Read more

    Affected Products : chifro_kids_coloring_game
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6905

    The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi... Read more

    Affected Products : h2o_human_harmony_organization
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7364

    The Promotional Items (aka com.wPromotionalItems) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : promotional_items
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7686

    The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c... Read more

    Affected Products : so._co._business_partnership
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-19968

    PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content... Read more

    Affected Products : pandora_fms
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3931

    Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related... Read more

    Affected Products : jomres
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-31375

    Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.This issue affects WP2LEADS: from n/a through 3.2.7. ... Read more

    Affected Products :
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7655

    The Dresden Transport Museum (aka de.appack.project.vmd) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : dresden_transport_museum
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2017-1115

    IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.... Read more

    Affected Products : campaign
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5683

    The Piano Teacher (aka com.rubycell.pianisthd) application 20140730 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : piano_teacher
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-15038

    The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.... Read more

    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7640

    The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : hotel_room
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-0418

    The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : video_central
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 5.4

    MEDIUM
    CVE-2014-7470

    The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra... Read more

    Affected Products : i_know_the_movie
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7509

    The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi... Read more

    Affected Products : a_very_short_history_of_japan
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-36194

    Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.... Read more

    Affected Products : centreon
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-4891

    The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ct_ihub
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-16205

    Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.... Read more

    Affected Products : growi
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5835

    The Club Personal (aka com.globant.clubpersonal) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : club_personal
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5979

    The TV Bengali Open Directory (aka com.TVBengali) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : tv_bengali_open_directory
    • Published: Sep. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293605 Results