Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-8006

    The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-35298

    Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the ... Read more

    Affected Products :
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10388

    A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.... Read more

    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-29225

    WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.... Read more

    • Published: Apr. 04, 2024
    • Modified: Mar. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-0366

    The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible f... Read more

    Affected Products : starbox
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0886

    Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; th... Read more

    Affected Products : dev_web_management_system
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-34371

    Missing Authorization vulnerability in Hamid Alinia – idehweb Login with phone number.This issue affects Login with phone number: from n/a through 1.7.18. ... Read more

    Affected Products : login_with_phone_number
    • Published: May. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-39973

    Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.... Read more

    Affected Products : acymailing
    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4207

    Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.... Read more

    Affected Products : drupal webform
    • Published: Dec. 04, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-10439

    A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : crx_content_package_deployer
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-6882

    Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : golden_book
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5457

    Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.... Read more

    Affected Products : casino_script
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2932

    Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.... Read more

    Affected Products : netweaver
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-9929

    A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2025-52719

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.... Read more

    Affected Products : profilegrid
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-24599

    OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."... Read more

    Affected Products : ox_app_suite
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-9109

    The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This make... Read more

    Affected Products : woocommerce_ups_shipping
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 4.3

    MEDIUM
    CVE-2022-1251

    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.... Read more

    Affected Products : ask_me
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-1726

    There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. W... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2022-26054

    Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.... Read more

    Affected Products : garoon
    • Published: Jul. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results