Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-22702

    PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.... Read more

    Affected Products : partkeepr
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-45203

    Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a... Read more

    Affected Products : \@cosme
    • Published: Sep. 09, 2024
    • Modified: Mar. 13, 2025

  • 4.3

    MEDIUM
    CVE-2008-0914

    Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ipdiva
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-30546

    Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle allows Cross Site Request Forgery. This issue affects Cackle: from n/a through 4.33.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2022-32273

    As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.... Read more

    Affected Products : metadefender
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31927

    An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in ... Read more

    Affected Products : loyalty_experience_platform
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-2298

    The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for au... Read more

    Affected Products : affiliate-toolkit
    • Published: Mar. 08, 2024
    • Modified: Jan. 15, 2025

  • 4.3

    MEDIUM
    CVE-2022-45164

    An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking... Read more

    Affected Products : archibus_web_central web_central
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2017-1768

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.... Read more

    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0974

    Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.... Read more

    Affected Products : bttlxeforum
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-0328

    The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Librar... Read more

    Affected Products : wpcode
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 4.3

    MEDIUM
    CVE-2014-9020

    Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-20... Read more

    Affected Products : zxdsl_831 zxdsl_831cii
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2195

    Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name... Read more

    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-46447

    The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.... Read more

    Affected Products : rebel
    • Published: Jan. 20, 2024
    • Modified: Jun. 20, 2025

  • 4.3

    MEDIUM
    CVE-2022-24902

    TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched an... Read more

    Affected Products : tkvideoplayer
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0467

    Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Security.... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0321

    Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.... Read more

    Affected Products : jamit_job_board
    • Published: Jan. 15, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-49973

    Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Im... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025

  • 4.3

    MEDIUM
    CVE-2012-6642

    Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : clipbucket
    • Published: Apr. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-1100

    Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.... Read more

    Affected Products : cyberdocs
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 294605 Results