Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2019-10271

    An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the prof... Read more

    Affected Products : ultimate_member
    • Published: Jun. 24, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10273

    Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify... Read more

    Affected Products : manageengine_servicedesk_plus
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-0862

    Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via un... Read more

    Affected Products : tangocms
    • Published: Mar. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-31942

    Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2. ... Read more

    Affected Products : calendarista
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2295

    Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.... Read more

    Affected Products : rgboard
    • Published: May. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-5916

    Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.... Read more

    Affected Products : bradesco_gateway
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-4957

    The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : frontend_checklist
    • Published: Jun. 26, 2024
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2012-4844

    Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : lotus_domino
    • Published: Feb. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-27707

    Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.... Read more

    Affected Products :
    • Published: Mar. 07, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1742

    Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.... Read more

    Affected Products : scratcher
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-24711

    Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. ... Read more

    Affected Products : woocommerce_conversion_tracking
    • Published: Mar. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0895

    Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.... Read more

    Affected Products : wordpress count_per_day
    • Published: Jan. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-5294

    Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.... Read more

    Affected Products : phplist
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1712

    Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained... Read more

    Affected Products : wbnews
    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-0967

    A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.... Read more

    Affected Products :
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3835

    Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name param... Read more

    Affected Products : wuzly
    • Published: Dec. 24, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6642

    Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : clipbucket
    • Published: Apr. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-49973

    Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Im... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025

  • 4.3

    MEDIUM
    CVE-2022-24902

    TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched an... Read more

    Affected Products : tkvideoplayer
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-6196

    Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging... Read more

    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results