Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-0741

    Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter.... Read more

    Affected Products : imagen
    • Published: Nov. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-32265

    Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2009-4207

    Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.... Read more

    Affected Products : drupal webform
    • Published: Dec. 04, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-25783

    Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.... Read more

    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-49250

    Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2022-38329

    A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to mod... Read more

    Affected Products : shopxian_cms
    • Published: Sep. 13, 2022
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-29036

    Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache ... Read more

    Affected Products : saleor
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2705

    CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.... Read more

    Affected Products : siteminder siteminder j2ee
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-45838

    The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for call... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2012-6692

    Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is n... Read more

    Affected Products : wordpress_seo yoast_seo
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-48285

    Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61.... Read more

    Affected Products : falang
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2009-2704

    CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).... Read more

    Affected Products : siteminder j2ee
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-12869

    In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or user... Read more

    Affected Products : ragflow
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-11852

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions... Read more

    Affected Products : element_pack
    • Published: Dec. 22, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-12148

    Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2025-52711

    Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a thro... Read more

    • Published: Jun. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2022-4386

    The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack... Read more

    Affected Products : intuitive_custom_post_order
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-3928

    A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to infor... Read more

    Affected Products :
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2377

    Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service (application crash) via a long PrinterName property.... Read more

    Affected Products : avax_vector_activex
    • Published: Jul. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0404

    Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_eroom
    • Published: Mar. 15, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294853 Results