Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-3836

    Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) conta... Read more

    Affected Products : baby_gekko
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-1052

    Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.... Read more

    Affected Products : phpkit
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-45349

    Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. ... Read more

    Affected Products : betheme
    • Published: Mar. 25, 2024
    • Modified: Jan. 31, 2025

  • 4.3

    MEDIUM
    CVE-2015-0494

    Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : retail_applications
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-3324

    Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vecto... Read more

    Affected Products : comersus_cart
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-8811

    ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.... Read more

    Affected Products : bludit
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-35972

    An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.... Read more

    Affected Products : yzmcms
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3450

    Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, wh... Read more

    Affected Products : i-load
    • Published: Sep. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-31464

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... Read more

    Affected Products : reader windows 3d
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-4832

    IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during a... Read more

    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-4962

    A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may ... Read more

    Affected Products : apollo
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-48016

    OpenFlow discovery protocol can exhaust resources because it is not rate limited... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2012-0936

    Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script o... Read more

    Affected Products : opennms opennms
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-6955

    Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.... Read more

    Affected Products : opera_browser
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0703

    Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.... Read more

    Affected Products : unified_meetingplace
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-49250

    Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2018-11631

    Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.... Read more

    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3056

    Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.... Read more

    Affected Products : websvn
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-30926

    Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-41363

    In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.... Read more

    Affected Products : cerebrate
    • Published: Aug. 29, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294466 Results