Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0901

    Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : flashy
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-2389

    The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, suc... Read more

    Affected Products : funnelkit_automations
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-31596

    Missing Authorization vulnerability in Chatwee Chat by Chatwee allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat by Chatwee: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53268

    Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2012-1636

    Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.... Read more

    Affected Products : drupal stickynote
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-31830

    Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-31305

    Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-51692

    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. ... Read more

    Affected Products : customer_reviews_for_woocommerce
    • Published: Feb. 28, 2024
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2014-2114

    Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.... Read more

    Affected Products : emergency_responder
    • Published: Apr. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-1161

    Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.... Read more

    Affected Products : call_center_software
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2669

    Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) c... Read more

    Affected Products : pre_shopping_mall
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-3516

    Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different... Read more

    Affected Products : presenter
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1132

    Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.... Read more

    Affected Products : mtcms
    • Published: Feb. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-20856

    Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 07, 2025

  • 4.3

    MEDIUM
    CVE-2009-3915

    Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.... Read more

    Affected Products : drupal link
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-31376

    Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-47614

    Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery. This issue affects LessButtons Social Sharing and Statistics: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-28909

    Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30521

    Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top allows Cross Site Request Forgery. This issue affects GP Back To Top: from n/a through 3.0.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-28165

    Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024
Showing 20 of 294530 Results