Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3194

    Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : searchfeed_script
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2011

    Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : deskpro
    • Published: Apr. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-53268

    Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-30685

    Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.... Read more

    Affected Products : android android dex
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-31596

    Missing Authorization vulnerability in Chatwee Chat by Chatwee allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat by Chatwee: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-4036

    The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and pa... Read more

    Affected Products : simple_blog_card
    • Published: Aug. 30, 2023
    • Modified: May. 02, 2025

  • 4.3

    MEDIUM
    CVE-2025-42987

    SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compr... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-26948

    Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2021-3005

    MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.... Read more

    Affected Products : mk-auth
    • Published: Jan. 03, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-31376

    Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2012-1410

    Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status descript... Read more

    Affected Products : kadu
    • Published: Feb. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-5303

    Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected o... Read more

    Affected Products : tendermint
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8307

    Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (... Read more

    Affected Products : cart_engine
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-9610

    An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.... Read more

    Affected Products : ofcms
    • Published: Mar. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-33922

    Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.... Read more

    Affected Products : website_builder
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-7184

    Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.... Read more

    Affected Products : gom_player
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3516

    Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter.... Read more

    Affected Products : chipmunk_directory
    • Published: Nov. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-24711

    Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. ... Read more

    Affected Products : woocommerce_conversion_tracking
    • Published: Mar. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-2177

    Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.... Read more

    Affected Products : drupal display_suite
    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-15935

    A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscati... Read more

    Affected Products : fortiadc
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294353 Results