Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2006-5653

    Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE...

    Affected Products : java_system_messenger_express
    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2022-4769

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x, displays the target path on the host when a file is uploaded with an invalid character in its name. ...

    • Published: Apr. 03, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2025-24744

    Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3....

    Affected Products : bridge_core
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2023-47159

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses....

    Affected Products : sterling_file_gateway
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-13639

    The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authentic...

    Affected Products : read_more_&_accordion
    • Published: Feb. 13, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2023-34466

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked ...

    Affected Products : xwiki
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-38752

    Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings....

    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-4423

    The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated a...

    Affected Products : rays_grid
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2025-29606

    py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key....

    Affected Products : libp2p
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
  • 4.3

    MEDIUM
    CVE-2006-4917

    Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter....

    Affected Products : pt_news
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2021-36865

    Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz....

    • Published: Sep. 30, 2022
    • Modified: Feb. 20, 2025
  • 4.3

    MEDIUM
    CVE-2025-54041

    Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7....

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2025-49164

    Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a....

    Affected Products :
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cryptography
  • 4.3

    MEDIUM
    CVE-2023-30683

    Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission....

    Affected Products : android android dex
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-35931

    Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1. ...

    Affected Products : shescape
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-13552

    The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes ...

    Affected Products : supportcandy
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-39511

    Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2....

    Affected Products : pinterest_automatic_pin
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2001-1523

    Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter....

    Affected Products : dmozgateway
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2025-31063

    Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0....

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2023-20180

    A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the...

    Affected Products : webex_meetings
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024