Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-2274

    Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : pivotx
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3903

    Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this... Read more

    Affected Products : netflow_analyzer netflow_analyzer
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-1089

    The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack... Read more

    Affected Products : coupon_zen
    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025

  • 4.3

    MEDIUM
    CVE-2023-1233

    Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chro... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1402

    The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.... Read more

    Affected Products : moodle
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1204

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email a... Read more

    Affected Products : gitlab
    • Published: May. 03, 2023
    • Modified: Jan. 30, 2025

  • 4.3

    MEDIUM
    CVE-2023-1232

    Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4074

    The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of outp... Read more

    Affected Products : internet_explorer
    • Published: Nov. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-1344

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6096

    Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login p... Read more

    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-48364

    The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user... Read more

    Affected Products : mastodon
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 4.3

    MEDIUM
    CVE-2023-1236

    Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1334

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated at... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-48309

    A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.... Read more

    Affected Products : connect
    • Published: Mar. 01, 2023
    • Modified: Mar. 07, 2025

  • 4.3

    MEDIUM
    CVE-2023-1337

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attack... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1345

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for u... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1338

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated at... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1336

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated a... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1375

    The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with ... Read more

    Affected Products : wp_fastest_cache
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1335

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticat... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293354 Results