Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-31572

    Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar allows Cross Site Request Forgery. This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30598

    Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload allows Cross Site Request Forgery. This issue affects OSS Upload: from n/a through 4.8.9.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-5961

    Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unkno... Read more

    Affected Products : tribiq_cms
    • Published: Jan. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-30568

    Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache allows Cross Site Request Forgery. This issue affects Super Static Cache: from n/a through 3.3.5.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2012-4336

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.... Read more

    Affected Products : flogr
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4040

    Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.... Read more

    Affected Products : internet_explorer phpmyfaq
    • Published: Nov. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-36638

    An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6... Read more

    Affected Products : fortimanager fortianalyzer
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-1472

    Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.... Read more

    Affected Products : mattermost_server
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2018-1999037

    A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.... Read more

    Affected Products : resource_disposer
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-5786

    Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext par... Read more

    Affected Products : silva silva_find
    • Published: Dec. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-2190

    In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for... Read more

    Affected Products : android
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-17143

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more

    Affected Products : phantompdf
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-3923

    The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.... Read more

    Affected Products : activecampaign_for_woocommerce
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-4058

    Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email.... Read more

    Affected Products : socketmail
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-1787

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the de... Read more

    Affected Products : poplar_gedcom_viewer
    • Published: Apr. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3857

    Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which triggers the crash when a scroll bar is used.... Read more

    Affected Products : scite
    • Published: Nov. 04, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3780

    Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal abuse
    • Published: Oct. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-36751

    The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attacke... Read more

    Affected Products : coupon_creator
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-36753

    The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : hueman
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-36758

    The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possibl... Read more

    Affected Products : rss_aggregator_by_feedzy
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results