Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4670

    Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : php_lnkx
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-1479

    Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained... Read more

    Affected Products : cfnetgs
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-33542

    Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.... Read more

    Affected Products : crelly_slider
    • Published: Apr. 29, 2024
    • Modified: Aug. 27, 2025

  • 4.3

    MEDIUM
    CVE-2008-1560

    Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.as... Read more

    Affected Products : digidomain
    • Published: Mar. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10528

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image(... Read more

    Affected Products : ultimate_member
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13430

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on whi... Read more

    Affected Products : pagelayer
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-5729

    A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.... Read more

    Affected Products : firefox
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-23182

    CWE-203: Observable Discrepancy... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-57160

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.... Read more

    • Published: Jan. 16, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1987

    Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : encapsgallery
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1503

    Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field... Read more

    Affected Products : big-ip_access_policy_manager tmos
    • Published: Mar. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-48318

    Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 allows Cross Site Request Forgery. This issue affects 多说社会化评论框: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-54535

    A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.... Read more

    Affected Products : iphone_os watchos ipados visionos
    • Published: Jan. 15, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-22729

    Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VOD Infomaniak: from n/a through 1.5.9.... Read more

    Affected Products : vod_infomaniak
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-52996

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in po... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2008-2006

    Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit i... Read more

    Affected Products : mac_os_x ical
    • Published: May. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-5967

    Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13215

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica... Read more

    Affected Products : elementor_addon_elements
    • Published: Jan. 15, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2008-1504

    Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained sole... Read more

    Affected Products : phpmychat
    • Published: Mar. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2026

    Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: thi... Read more

    Affected Products : authentication_agent
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293627 Results