Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-49317

    Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39437

    Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.3.... Read more

    Affected Products : anthologize
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39438

    Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-3647

    A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1174

    Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : authentix
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1306

    Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cf... Read more

    Affected Products : savvy_content_manager
    • Published: Mar. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1175

    Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this in... Read more

    Affected Products : authentix
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-24436

    Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1353

    zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.... Read more

    Affected Products : zabbix
    • Published: Mar. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1180

    Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.... Read more

    Affected Products : secure_access_2000
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1172

    Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.... Read more

    Affected Products : torrenttrader torrenttrader_classic
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-23190

    Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the syst... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1243

    Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.... Read more

    Affected Products : wrt300n
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-20956

    Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53653

    Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controll... Read more

    Affected Products : aqua_security_scanner
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-48128

    Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1202

    Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : livecycle_workflow
    • Published: Mar. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0834

    Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : lotus_quickr
    • Published: Feb. 20, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-3851

    The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes ... Read more

    Affected Products : wp_smartpay
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31327

    SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and avai... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 294286 Results