Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-1260

    Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to... Read more

    Affected Products : p-2602hw-d1a
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-4339

    The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber... Read more

    Affected Products : thegem
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-46742

    Users who were required to change their password could still access system information before changing their password... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-46749

    An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2008-1257

    Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.... Read more

    Affected Products : p-660hw p-660hw_d1 p-660hw_d3 p-660hw_t3
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1048

    Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.... Read more

    Affected Products : plume_cms
    • Published: Feb. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1076

    Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obt... Read more

    Affected Products : shopping_cart
    • Published: Feb. 29, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-49052

    Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through 3.2.1.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-4035

    A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections an... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-3452

    The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9. This... Read more

    Affected Products : secupress
    • Published: Apr. 29, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1041

    Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.... Read more

    Affected Products : matts_whois
    • Published: Feb. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-0049

    When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2008-1047

    Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Feb. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-1314

    The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() f... Read more

    Affected Products : custom_twitter_feeds
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54694

    Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.... Read more

    Affected Products : button_block
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2014-3764

    Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified ve... Read more

    Affected Products : pan-os
    • Published: Jan. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-1045

    Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.... Read more

    Affected Products : opencms
    • Published: Feb. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1347

    Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about actio... Read more

    Affected Products : easycalendar
    • Published: Mar. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-53221

    Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53343

    Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization
Showing 20 of 293633 Results