Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2014-5108

    Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file....

    Affected Products : concrete_cms concrete5
    • Published: Jul. 28, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-4578

    Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter....

    Affected Products : wp_app_maker
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2020-36747

    The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unaut...

    Affected Products : lightweight_sidebar_manager
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-2080

    The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, ...

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2013-7288

    Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs....

    Affected Products : mybb
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2014-5336

    Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message....

    Affected Products : monkey monkey_http_daemon
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-4694

    Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables....

    Affected Products : pfsense suricata_package
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-4635

    Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : documentum_wdk
    • Published: Jan. 07, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2020-36749

    The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthentic...

    Affected Products : easy_testimonials
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2014-4543

    Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height,...

    Affected Products : pay_per_media_player
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2020-3449

    A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing ...

    Affected Products : ios_xr
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2014-5344

    Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obta...

    Affected Products : mobiloud
    • Published: Aug. 19, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2013-5839

    Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console....

    Affected Products : sunos solaris
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2014-6076

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site....

    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2013-5159

    WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element....

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2014-5237

    Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images v...

    Affected Products : open-xchange_appsuite app_suite
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2020-36699

    The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it p...

    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2012-3714

    The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site....

    Affected Products : safari
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2024-32333

    TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page....

    Affected Products : n300rt_firmware n300rt
    • Published: Apr. 18, 2024
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2015-7186

    Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document....

    Affected Products : android firefox
    • Published: Nov. 05, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294125 Results