Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-4572

    Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was origina... Read more

    Affected Products : cf_image_hosting_script
    • Published: Nov. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-4103

    The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller() f... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4459

    Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a... Read more

    Affected Products : redmine
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-0222

    IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.... Read more

    • Published: Mar. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4406

    Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML ... Read more

    Affected Products : ap7932_b2_firmware ap7932_b2 aos
    • Published: Dec. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1331

    Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q... Read more

    Affected Products : eportfolio
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-2732

    CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-securit... Read more

    Affected Products : springsource_spring_security
    • Published: Dec. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5282

    Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.... Read more

    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-14519

    An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.... Read more

    Affected Products : kirby
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2086

    The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to... Read more

    Affected Products : essential_blocks
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6325

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio par... Read more

    Affected Products : classifieds_script
    • Published: Feb. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-0702

    Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Feb. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-0707

    The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack... Read more

    • Published: Apr. 18, 2022
    • Modified: Feb. 07, 2025

  • 4.3

    MEDIUM
    CVE-2013-0275

    Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ganglia-web
    • Published: Mar. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-4745

    Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ecart_professional
    • Published: Oct. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-1346

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible ... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-36748

    The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated atta... Read more

    Affected Products : dokan
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4426

    The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbit... Read more

    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0207

    A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to i... Read more

    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-28870

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.... Read more

    Affected Products : safe
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294299 Results