Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-4365

    Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.... Read more

    Affected Products : content_management_system
    • Published: Aug. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-34775

    Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause i... Read more

    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1569

    Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.... Read more

    Affected Products : forticlient
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-0473

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report.... Read more

    • Published: Mar. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-4530

    Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.... Read more

    Affected Products : web_server
    • Published: Aug. 25, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-1081

    Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : azdgdating
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-4630

    Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : absolute_poll_manager_xe
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-6794

    Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obt... Read more

    Affected Products : olat
    • Published: Nov. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-1318

    Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.... Read more

    Affected Products : forwards
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2353

    The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-... Read more

    Affected Products : chp_ads_block_detector
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20757

    Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.... Read more

    Affected Products : garoon
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5858

    The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for a... Read more

    Affected Products :
    • Published: Jun. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-3825

    Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration ... Read more

    Affected Products :
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32162

    CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.... Read more

    Affected Products : cmseasy
    • Published: Apr. 17, 2024
    • Modified: Apr. 14, 2025

  • 4.3

    MEDIUM
    CVE-2021-3763

    A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact... Read more

    Affected Products : amq_broker
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-2023

    The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated att... Read more

    Affected Products : folders
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31219

    Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data a... Read more

    Affected Products : discourse_reactions
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-3978

    A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgradin... Read more

    Affected Products : nodebb
    • Published: Nov. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34557

    Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. ... Read more

    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31383

    Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a through 1.2.4. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results