Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-3764

    The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenti... Read more

    Affected Products : woocommerce_pdf_invoice_builder
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1701

    The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attacker... Read more

    Affected Products : chrome
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-3288

    A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.... Read more

    Affected Products : gitlab
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2011-4353

    The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.... Read more

    Affected Products : ffmpeg libav
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-6857

    Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : docebolms docebolms
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-3408

    The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : bricks
    • Published: Aug. 17, 2024
    • Modified: Sep. 13, 2024

  • 4.3

    MEDIUM
    CVE-2006-4949

    Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script ... Read more

    Affected Products : site_profile_directory_module
    • Published: Sep. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4941

    Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.... Read more

    Affected Products : moodle
    • Published: Sep. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-2242

    includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via ... Read more

    Affected Products : mediawiki
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-0159

    A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-0175

    Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.... Read more

    Affected Products : b2evolution
    • Published: Jan. 11, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6977

    Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.... Read more

    Affected Products : freetextbox
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6999

    attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.... Read more

    Affected Products : deskpro
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-4747

    Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.... Read more

    Affected Products : textads
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-7002

    Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : wheatblog
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-8163

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead... Read more

    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-8112

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.... Read more

    Affected Products : edge
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-42438

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.... Read more

    Affected Products : macos
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3207

    Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.... Read more

    Affected Products : sks_keyserver
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-1044

    In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.... Read more

    Affected Products : moodle
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results