Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-0049

    The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from tho... Read more

    Affected Products : internet_explorer
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2004-0314

    Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.... Read more

    Affected Products : webzedit
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-9979

    The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-le... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2017-0065

    Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-201... Read more

    Affected Products : edge
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2025-8479

    The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zoho_flow_deactivate_plugin function. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2018-5538

    On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifypor... Read more

    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-54251

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited un... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: XML External Entity

  • 4.3

    MEDIUM
    CVE-2017-1341

    IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.... Read more

    Affected Products : websphere_mq mq
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2020-11054

    In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected w... Read more

    Affected Products : fedora qutebrowser
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-0092

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2018-5525

    A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied tr... Read more

    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-26911

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.... Read more

    Affected Products : system_dashboard
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-1320

    The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : teachpress
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-1901

    Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable. ... Read more

    Affected Products : devolutions_server
    • Published: Mar. 05, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-34047

    O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Apr. 30, 2024
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2020-6316

    SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.... Read more

    Affected Products : s\/4hana erp
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0830

    The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possib... Read more

    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-0827

    The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions... Read more

    Affected Products : play.ht
    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-56272

    Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-32796

    Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. ... Read more

    Affected Products : wp_fusion
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293623 Results