Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-0914

    Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ipdiva
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-6465

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2007-4555

    Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration in... Read more

    Affected Products : ws_ftp
    • Published: Aug. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-32273

    As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.... Read more

    Affected Products : metadefender
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2744

    Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view.... Read more

    Affected Products : firefox_os
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2764

    Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog.... Read more

    Affected Products : triton_ap_data
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-48243

    Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.26.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2014-3830

    Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.... Read more

    Affected Products : tomatocart
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9453

    Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header.... Read more

    Affected Products : simple_visitor_stat
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-0093

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-10488

    CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33925

    Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0. ... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-45270

    WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause ... Read more

    Affected Products : carousel_slider
    • Published: Sep. 02, 2024
    • Modified: Mar. 13, 2025

  • 4.3

    MEDIUM
    CVE-2015-4725

    Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : audioshare
    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-27282

    In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration file... Read more

    Affected Products : hamilton-t1_firmware hamilton-t1
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-42339

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-23503

    Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6.... Read more

    Affected Products : ninja_tables
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0442

    Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig acti... Read more

    Affected Products : mybb
    • Published: Jan. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5314

    Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter.... Read more

    Affected Products : viewgit
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-0967

    A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.... Read more

    Affected Products :
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293680 Results