Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3216

    Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the modul... Read more

    Affected Products : iwiccle
    • Published: Sep. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2195

    Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name... Read more

    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-43337

    Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0.... Read more

    Affected Products : brave
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 4.3

    MEDIUM
    CVE-2024-32525

    Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6. ... Read more

    Affected Products :
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1188

    Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.... Read more

    Affected Products : fork_cms
    • Published: Sep. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-23688

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the ... Read more

    Affected Products : aos-cx cx_6200f cx_6300 cx_6400 cx_8320 cx_8325 cx_8400 cx_8360 cx_10000 cx_9300 +3 more products
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-23503

    Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6.... Read more

    Affected Products : ninja_tables
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-30909

    Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2020-10635

    Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.... Read more

    Affected Products : sim_pro
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-7182

    Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker... Read more

    Affected Products : wp_go_maps
    • Published: Oct. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-45203

    Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a... Read more

    Affected Products : \@cosme
    • Published: Sep. 09, 2024
    • Modified: Mar. 13, 2025

  • 4.3

    MEDIUM
    CVE-2007-4819

    Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : txx_cms
    • Published: Sep. 11, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-47551

    Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2011-3835

    Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name param... Read more

    Affected Products : wuzly
    • Published: Dec. 24, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-7801

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-45270

    WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause ... Read more

    Affected Products : carousel_slider
    • Published: Sep. 02, 2024
    • Modified: Mar. 13, 2025

  • 4.3

    MEDIUM
    CVE-2012-5099

    Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.... Read more

    Affected Products : phpb2b
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-23518

    Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6.... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-30546

    Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle allows Cross Site Request Forgery. This issue affects Cackle: from n/a through 4.33.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-2049

    The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.... Read more

    Affected Products : mail_server
    • Published: May. 01, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293620 Results