Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-36742

    The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthen... Read more

    Affected Products : custom_field_template
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4389

    The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attac... Read more

    Affected Products : wp_travel
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-30598

    Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload allows Cross Site Request Forgery. This issue affects OSS Upload: from n/a through 4.8.9.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24419

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : commerce commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53341

    Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-26845

    A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.... Read more

    Affected Products : opencats
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025

  • 4.3

    MEDIUM
    CVE-2025-30568

    Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache allows Cross Site Request Forgery. This issue affects Super Static Cache: from n/a through 3.3.5.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2020-23588

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" t... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-4769

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.  ... Read more

    • Published: Apr. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-0796

    The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it pos... Read more

    Affected Products : wprequal
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-51310

    A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large am... Read more

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2006-3077

    Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.... Read more

    Affected Products : axentguestbook
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-4392

    The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() functi... Read more

    Affected Products : ecommerce_product_catalog
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-5355

    The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.... Read more

    Affected Products : emc_isilon_onefs
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-35044

    Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.... Read more

    Affected Products : securimage-wp-fixed
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-36638

    An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6... Read more

    Affected Products : fortimanager fortianalyzer
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13416

    Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-28810

    Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local netw... Read more

    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-29195

    Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point o... Read more

    Affected Products : vitess
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4391

    The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possi... Read more

    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results