Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-5932

    The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated ... Read more

    Affected Products : homerunner
    • Published: Jun. 26, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-0691

    Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_foot... Read more

    Affected Products : wp-footnotes wp-footnotes
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-26593

    Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1273

    Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the p... Read more

    Affected Products : imagevue
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-28996

    Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-10634

    The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack... Read more

    Affected Products : nokaut_offers_box
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-29005

    Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-49798

    IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2008-1061

    Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view... Read more

    Affected Products : sniplets_plugin
    • Published: Feb. 28, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10677

    The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : blue_trait_event_viewer
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1182

    Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : pfsense pfsense
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-8482

    The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers,... Read more

    Affected Products : simple_local_avatars
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1209

    Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from... Read more

    Affected Products : xitex_webcontent_m1
    • Published: Mar. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-3284

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation ... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30557

    Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Redirects allows Cross Site Request Forgery. This issue affects Easy 301 Redirects: from n/a through 1.33.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1257

    Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.... Read more

    Affected Products : p-660hw p-660hw_d1 p-660hw_d3 p-660hw_t3
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-48460

    An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-30956

    Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20.... Read more

    Affected Products : rental_software_booqable_rental
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-23954

    Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-46749

    An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294276 Results