Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-5128

    Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_o... Read more

    Affected Products : wordpress adminimize
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1910

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for una... Read more

    Affected Products : categorify
    • Published: Feb. 27, 2024
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2011-1330

    Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : weblygo
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4748

    Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : pmwiki
    • Published: Mar. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4778

    Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2)... Read more

    Affected Products : groupware imp
    • Published: Apr. 04, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5143

    Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. ... Read more

    Affected Products : open_business_management
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5142

    Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search ... Read more

    Affected Products : open_business_management
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1953

    Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an un... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2010-4757

    Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obt... Read more

    Affected Products : e107
    • Published: Mar. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-13005

    An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-20839

    systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) c... Read more

    • Published: May. 17, 2019
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2010-4718

    Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.... Read more

    Affected Products : joomla\! com_lyftenbloggie
    • Published: Feb. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4918

    Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elx... Read more

    Affected Products : elxis_cms
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3741

    The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.... Read more

    Affected Products : linux gimp
    • Published: Aug. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-5180

    Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party i... Read more

    Affected Products : wordpress zooeffect
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1976

    The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible... Read more

    Affected Products : marketing_optimizer
    • Published: Feb. 29, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4887

    Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username f... Read more

    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-5160

    Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.... Read more

    Affected Products : openemr
    • Published: Sep. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5179

    Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.... Read more

    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1909

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for un... Read more

    Affected Products : categorify
    • Published: Feb. 27, 2024
    • Modified: Jan. 07, 2025
Showing 20 of 293584 Results