Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-53254

    Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-53197

    Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-53203

    Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148.... Read more

    Affected Products : woocommerce_pdf_invoice_builder
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-5726

    A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-53323

    Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-5526

    The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user... Read more

    Affected Products : buddypress_docs
    • Published: Jun. 27, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1173

    Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : torrenttrader torrenttrader_classic
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1174

    Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : authentix
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-5937

    The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ... Read more

    Affected Products : micropayments
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1175

    Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this in... Read more

    Affected Products : authentix
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-52919

    In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-13215

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica... Read more

    Affected Products : elementor_addon_elements
    • Published: Jan. 15, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2008-1202

    Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : livecycle_workflow
    • Published: Mar. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1211

    Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this... Read more

    Affected Products : bosdates
    • Published: Mar. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1208

    Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.... Read more

    Affected Products : vpn-1_utm_edge_w_embedded_ngx
    • Published: Mar. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-5710

    The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authe... Read more

    Affected Products : system_dashboard
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-49982

    Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: from n/a through 8.2.5.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2019-1357

    A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.... Read more

    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-5721

    It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.... Read more

    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-8357

    The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions... Read more

    Affected Products : media_library_assistant
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
Showing 20 of 293530 Results