Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-0828

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the p... Read more

    Affected Products : atutor
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1232

    Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the ... Read more

    Affected Products : tomcat
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-53269

    Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-26202

    Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, whic... Read more

    Affected Products :
    • Published: Mar. 04, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-53267

    Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-53270

    Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1213

    Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the deta... Read more

    Affected Products : linux_kernel footprints
    • Published: Mar. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-53323

    Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31776

    Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-7221

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This ... Read more

    Affected Products : givewp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53254

    Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-47870

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-57893

    Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-9331

    The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-48260

    Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1133

    The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.... Read more

    Affected Products : drupal
    • Published: Mar. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-8398

    The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : simple_nav_archives
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2003-1553

    Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-speci... Read more

    Affected Products : sips
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1438

    Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that w... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1088

    Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.... Read more

    Affected Products : zorum
    • Published: Aug. 11, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293946 Results