Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-1564

    The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode... Read more

    Affected Products : schema schema_pro
    • Published: Mar. 25, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-45604

    Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerabili... Read more

    Affected Products : contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 25, 2024

  • 4.3

    MEDIUM
    CVE-2014-4571

    Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.... Read more

    Affected Products : vn-calendar
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-2123

    The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.... Read more

    Affected Products : wp_opt-in
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4649

    IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.... Read more

    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5457

    Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.... Read more

    Affected Products : casino_script
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-4674

    IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.... Read more

    Affected Products : workload_automation
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4526

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.... Read more

    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4665

    IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting t... Read more

    Affected Products : sterling_file_gateway
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-3894

    The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete ... Read more

    Affected Products : oauth_server
    • Published: Mar. 20, 2023
    • Modified: Feb. 26, 2025

  • 4.3

    MEDIUM
    CVE-2018-21253

    An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31944

    Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. ... Read more

    Affected Products :
    • Published: Apr. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-23173

    The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.... Read more

    Affected Products : engage
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2292

    Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.... Read more

    Affected Products : di-604
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4395

    Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-6023

    Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.... Read more

    Affected Products : office
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1899

    Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : ehealth
    • Published: May. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6646

    Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : phpaddressbook
    • Published: Apr. 07, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-20870

    An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4552

    Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.... Read more

    Affected Products : miniweb
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025
Showing 20 of 294516 Results