Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-4690

    Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.... Read more

    Affected Products : programs_rating_script
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1457

    Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are ob... Read more

    Affected Products : nuke_evolution_xtreme
    • Published: Apr. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4694

    Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown; the de... Read more

    Affected Products : radlance
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0303

    Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa.... Read more

    Affected Products : web_help_desk
    • Published: Jan. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-4871

    Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.... Read more

    Affected Products : openlitespeed litespeed_web_server
    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-15199

    In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.... Read more

    Affected Products : kanboard
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15014

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an au... Read more

    Affected Products : documentum_content_server
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-30548

    gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running th... Read more

    Affected Products : gatsby
    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1099

    IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.... Read more

    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-28871

    Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.... Read more

    Affected Products : secure_enterprise_client
    • Published: Dec. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-49099

    Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.... Read more

    Affected Products : discourse
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7823

    Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wnc01wh_firmware wnc01wh
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-49584

    SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application. ... Read more

    Affected Products : fiori_launchpad
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4125

    The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stor... Read more

    Affected Products : popup_manager
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-41533

    A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attac... Read more

    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-1390

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in a... Read more

    • Published: Feb. 29, 2024
    • Modified: Jan. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-1336

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possi... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-0984

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 27, 2024

  • 4.3

    MEDIUM
    CVE-2024-0514

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it poss... Read more

    Affected Products : royal_elementor_addons
    • Published: Feb. 29, 2024
    • Modified: Jan. 08, 2025

  • 4.3

    MEDIUM
    CVE-2023-48651

    Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.... Read more

    Affected Products : concrete_cms concrete5
    • Published: Feb. 29, 2024
    • Modified: Dec. 16, 2024
Showing 20 of 293493 Results