Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-12879

    The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible ... Read more

    Affected Products : wpot wpot
    • Published: Jan. 22, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2019-19309

    GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.... Read more

    Affected Products : gitlab
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-0909

    Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely... Read more

    Affected Products : academic_portal
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-21562

    Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker wit... Read more

    • Published: Jan. 21, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-0917

    Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1... Read more

    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6646

    Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the ... Read more

    Affected Products : livecart
    • Published: Jan. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-0426

    Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : virtualcenter vcenter
    • Published: May. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-18462

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-57252

    OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.... Read more

    Affected Products : otcms
    • Published: Jan. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2019-18453

    An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1308

    Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-48328

    Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-26002

    Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-0717

    Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection ... Read more

    Affected Products : websphere_edge_server
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0691

    Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_foot... Read more

    Affected Products : wp-footnotes wp-footnotes
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-18449

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-26593

    Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-28996

    Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-29005

    Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2011-1280

    The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, wh... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293350 Results