Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-0822

    Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.... Read more

    Affected Products : joomla\!
    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-48243

    Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.26.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-1528

    The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers,... Read more

    Affected Products : search_\&_filter
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2012-6045

    Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : ramui_forum
    • Published: Nov. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-37532

    SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.... Read more

    Affected Products : business_one
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-27282

    In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration file... Read more

    Affected Products : hamilton-t1_firmware hamilton-t1
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-2118

    Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID C... Read more

    Affected Products : prime_security_manager
    • Published: Mar. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-3520

    The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for au... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-34085

    When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request ... Read more

    Affected Products : pingfederate
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-44548

    There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.... Read more

    Affected Products : emui harmonyos
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2023-1339

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-11353

    The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Dec. 07, 2024
    • Modified: Dec. 07, 2024

  • 4.3

    MEDIUM
    CVE-2014-3547

    Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.... Read more

    Affected Products : moodle
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-7941

    An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.... Read more

    Affected Products : microscada_x_sys600
    • Published: Aug. 27, 2024
    • Modified: Oct. 30, 2024

  • 4.3

    MEDIUM
    CVE-2021-38378

    OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.... Read more

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-0463

    Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties.... Read more

    Affected Products : workflow
    • Published: Jan. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-41657

    Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2022-45369

    Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.... Read more

    Affected Products : plugin_for_google_reviews
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2088

    ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.... Read more

    Affected Products : asp.net
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-30723

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.... Read more

    Affected Products : android dex
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294319 Results