Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-1768

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.... Read more

    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-3010

    Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP ... Read more

    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-3647

    Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter ... Read more

    Affected Products : wp-photo-album-plus
    • Published: May. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3400

    sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.... Read more

    Affected Products : zfs
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-4714

    Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.... Read more

    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5228

    Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details ar... Read more

    Affected Products : phplist
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-8926

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.... Read more

    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-5477

    Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.... Read more

    • Published: Oct. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-39018

    IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.... Read more

    • Published: Jul. 14, 2022
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2005-4580

    Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search.... Read more

    Affected Products : communique
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-1778

    The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, wit... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49286

    Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6.... Read more

    Affected Products : wp_table_builder
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-28810

    Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local netw... Read more

    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-3356

    The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting du... Read more

    Affected Products : subscribers_text_counter
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-45089

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jan. 31, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2022-3923

    The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.... Read more

    Affected Products : activecampaign_for_woocommerce
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-2894

    The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unau... Read more

    Affected Products : wp_easycart
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-30641

    Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.... Read more

    Affected Products : android android dex
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13416

    Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2022-3582

    A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site requ... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results