Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-37431

    Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through 1.6.120.... Read more

    Affected Products : mesmerize
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37417

    Cross-Site Request Forgery (CSRF) vulnerability in Coachify Coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37490

    Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through 2.210.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37473

    Cross-Site Request Forgery (CSRF) vulnerability in BlazeThemes Trendy News allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through 1.0.15.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37467

    Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37518

    Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through 6.5.1.4.... Read more

    Affected Products : the_events_calendar
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37508

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-37493

    Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through 3.3.... Read more

    Affected Products : posterity
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-38754

    Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3.... Read more

    Affected Products : taggbox
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2018-8452

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsof... Read more

    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-6746

    Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.... Read more

    Affected Products : xt-news
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0471

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script... Read more

    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-4440

    A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.... Read more

    Affected Products : itunes iphone_os safari icloud windows
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6478

    gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tool... Read more

    Affected Products : pidgin
    • Published: Feb. 06, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-44988

    Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.... Read more

    Affected Products : wp_custom_admin_interface
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-3407

    The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to... Read more

    Affected Products : subscribe2
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4623

    The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consump... Read more

    Affected Products : polarssl
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-5239

    Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php... Read more

    Affected Products : expblog
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-6636

    The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote atta... Read more

    Affected Products : chrome
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-5299

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : gcontact
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294853 Results