Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-5285

    Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_I... Read more

    Affected Products : bugfree
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1339

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possib... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-42487

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Ga... Read more

    Affected Products : cilium
    • Published: Aug. 15, 2024
    • Modified: Sep. 30, 2024

  • 4.3

    MEDIUM
    CVE-2012-2575

    Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.... Read more

    Affected Products : surgemail
    • Published: Sep. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6945

    Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the cou... Read more

    Affected Products : interchange
    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-2033

    The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber a... Read more

    Affected Products : video_conferencing_with_zoom
    • Published: Apr. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6035

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.... Read more

    Affected Products : achievo
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-3862

    CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a... Read more

    Affected Products : c-cda
    • Published: Sep. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-4086

    The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it poss... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5132

    Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses.... Read more

    Affected Products : projectdox
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1032

    Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the det... Read more

    Affected Products : episerver euroling_siteseeker
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-38485

    Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.... Read more

    Affected Products : elastic_cloud_storage
    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-43157

    Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.... Read more

    Affected Products : formcraft
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-1504

    The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This... Read more

    Affected Products : secupress
    • Published: Apr. 02, 2024
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-1158

    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page fun... Read more

    Affected Products : buddyforms
    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-38714

    Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through 1.68.232.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2023-5902

    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.... Read more

    Affected Products : pkp_web_application_library
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6074

    Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-10035

    Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) a... Read more

    Affected Products : couponphp
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-36466

    Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched ... Read more

    Affected Products : discourse
    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results