Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-8068

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This makes... Read more

    Affected Products : ht_mega
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-8151

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access an... Read more

    Affected Products : ht_mega
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2008-1342

    Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenan... Read more

    Affected Products : bpm_suite collageportal
    • Published: Mar. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-2381

    CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attach... Read more

    Affected Products : bugzilla
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0398

    Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.... Read more

    Affected Products : aflog
    • Published: Jan. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0409

    Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.... Read more

    Affected Products : http_file_server http_file_server
    • Published: Jan. 29, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-22363

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks again... Read more

    Affected Products : windows cognos_controller controller
    • Published: Jan. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2011-2444

    Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "u... Read more

    • Published: Sep. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0439

    Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.... Read more

    Affected Products : deluxebb
    • Published: Jan. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0404

    Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.... Read more

    Affected Products : mantis
    • Published: Jan. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-2598

    The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.... Read more

    Affected Products : firefox
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0400

    Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.... Read more

    Affected Products : modern singapore
    • Published: Jan. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-22299

    Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-22298

    Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2011-2630

    Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.... Read more

    Affected Products : opera_browser
    • Published: Jul. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-30351

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happen... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2008-0336

    Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit... Read more

    Affected Products : bugtracker.net
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-0681

    Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of... Read more

    Affected Products : identity_services_engine_software
    • Published: Jan. 29, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-56271

    Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-0152

    SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assist... Read more

    Affected Products : slnet_rf_telnet_server
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293669 Results