Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-3636

    A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2014-9430

    Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action.... Read more

    Affected Products : smoothwall
    • Published: Dec. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37941

    Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.... Read more

    Affected Products :
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10635

    Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.... Read more

    Affected Products : sim_pro
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33442

    An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.... Read more

    Affected Products : flusity
    • Published: May. 01, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2019-1003010

    A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.... Read more

    Affected Products : openshift_container_platform git
    • Published: Feb. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31942

    Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2. ... Read more

    Affected Products : calendarista
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5916

    Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.... Read more

    Affected Products : bradesco_gateway
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-39961

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could... Read more

    Affected Products : nextcloud_server notes
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-30155

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tu... Read more

    Affected Products : tuleap
    • Published: Mar. 31, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-27707

    Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.... Read more

    Affected Products :
    • Published: Mar. 07, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1742

    Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.... Read more

    Affected Products : scratcher
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10273

    Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify... Read more

    Affected Products : manageengine_servicedesk_plus
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10271

    An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the prof... Read more

    Affected Products : ultimate_member
    • Published: Jun. 24, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-9202

    The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated at... Read more

    Affected Products : colormag
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2012-4889

    Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter ... Read more

    • Published: Sep. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1712

    Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained... Read more

    Affected Products : wbnews
    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-2049

    The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.... Read more

    Affected Products : mail_server
    • Published: May. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-24710

    Missing Authorization vulnerability in SlickRemix Feed Them Social.This issue affects Feed Them Social: from n/a through 4.2.0. ... Read more

    Affected Products : feed_them_social
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-5356

    Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.... Read more

    Affected Products : getsimple_cms getsimple_cms
    • Published: Jul. 01, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294733 Results