Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-38752

    Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.... Read more

    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3687

    Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to Participan... Read more

    Affected Products : conferencemanager
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0558

    Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this informa... Read more

    Affected Products : ecart_professional
    • Published: Feb. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-53341

    Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2010-0963

    Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained f... Read more

    Affected Products : dl
    • Published: Mar. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-4416

    The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated at... Read more

    Affected Products : wp-mpdf
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-30683

    Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.... Read more

    Affected Products : android android dex
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-26845

    A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.... Read more

    Affected Products : opencats
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025

  • 4.3

    MEDIUM
    CVE-2008-6144

    Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3... Read more

    • Published: Feb. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-54671

    Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.... Read more

    Affected Products : oik
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-6200

    Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.... Read more

    Affected Products : swiki
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-32282

    Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2.... Read more

    Affected Products : dashboard_for_google_analytics
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54675

    Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2011-4033

    Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via uns... Read more

    • Published: Dec. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-0278

    HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.... Read more

    Affected Products : traveler
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2023-4796

    The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possib... Read more

    Affected Products : booster_for_woocommerce
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-36758

    The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possibl... Read more

    Affected Products : rss_aggregator_by_feedzy
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-0094

    Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.... Read more

    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6571

    Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.... Read more

    Affected Products : linpha
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-24419

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : commerce commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 294420 Results