Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-40670

    Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.... Read more

    Affected Products : reviewx
    • Published: Dec. 13, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2023-39995

    Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2023-37984

    Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.... Read more

    Affected Products : quiz_and_survey_master
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2023-33998

    Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5.... Read more

    Affected Products : easy_social_icons
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-32107

    Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. ... Read more

    Affected Products : finale
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31264

    Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31251

    Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. ... Read more

    Affected Products : peepso
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31239

    Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31289

    Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42122

    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to i... Read more

    Affected Products : topease topease
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4679

    IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515.... Read more

    Affected Products : content_navigator
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8322

    Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker w... Read more

    Affected Products : flexcube_core_banking
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-0533

    Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this informatio... Read more

    Affected Products : ez_reminder
    • Published: Feb. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-8247

    Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata.... Read more

    Affected Products : internet_management_software
    • Published: Dec. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-34944

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4711

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-lev... Read more

    Affected Products : royal_elementor_addons
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1872

    Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : flashcard
    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3607

    Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : real_estate_portal
    • Published: Sep. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3605

    Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 powermail
    • Published: Sep. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14170

    Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.... Read more

    Affected Products : bitbucket_server bitbucket
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293339 Results