Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-4421

    The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthentic... Read more

    Affected Products : advanced_popups
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2271

    The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack... Read more

    Affected Products : tiempo
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-54732

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2.... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2018-2366

    SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.... Read more

    Affected Products : sap_business_process_automation
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21301

    Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a priv... Read more

    Affected Products : wire
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-45110

    Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through 1.1.9.... Read more

    Affected Products : bold_timeline_lite
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2013-0461

    Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to i... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-0857

    Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.... Read more

    Affected Products : moinmoin moinmoin
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-5256

    Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is... Read more

    Affected Products : era_100_firmware era_100
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4874

    The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated att... Read more

    Affected Products : bricks
    • Published: Jun. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1287

    A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally f... Read more

    Affected Products : php
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2820

    Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element.... Read more

    Affected Products : weblog_oggi
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-24570

    The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin ... Read more

    Affected Products : accept_donations_with_paypal
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4005

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : firefly_iii
    • Published: Dec. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0254

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed ... Read more

    Affected Products : geronimo
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-54107

    Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-58976

    Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-59005

    Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.... Read more

    Affected Products : categorify
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-34006

    The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-24584

    Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty co... Read more

    Affected Products : libigl
    • Published: May. 28, 2024
    • Modified: Feb. 11, 2025
Showing 20 of 294071 Results