Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-7152

    Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.... Read more

    Affected Products : easy_mailchimp_forms_plugin
    • Published: Sep. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-2181

    Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.... Read more

    Affected Products : albinator
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-2165

    Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate... Read more

    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-7254

    Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : opsview
    • Published: Jan. 03, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14946

    downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by ... Read more

    Affected Products : bsa_radar
    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9077

    HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specified interface. Attackers can trick users into installing ... Read more

    Affected Products : p30_firmware p30
    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-4488

    Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obta... Read more

    Affected Products : atarone
    • Published: Oct. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-3736

    Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.... Read more

    • Published: May. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-35279

    "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against... Read more

    Affected Products : business_automation_workflow
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 4.3

    MEDIUM
    CVE-2022-35250

    A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-1489

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This make... Read more

    Affected Products : sms_alert_order_notifications
    • Published: Mar. 13, 2024
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-1405

    A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit ha... Read more

    Affected Products : wrt54gl_firmware wrt54gl
    • Published: Feb. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34377

    Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. ... Read more

    Affected Products :
    • Published: May. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33573

    Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1. ... Read more

    Affected Products :
    • Published: May. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1479

    Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.... Read more

    Affected Products : creative_guestbook
    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-24866

    Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was o... Read more

    Affected Products : assign
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2084

    Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_... Read more

    Affected Products : drupal print
    • Published: Nov. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2104

    Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.... Read more

    Affected Products : orbit_downloader
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-31410

    Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2013-0317

    Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomp... Read more

    Affected Products : drupal og_manager_change
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293612 Results