Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-2171

    Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.... Read more

    Affected Products : cherokee_httpd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-0876

    Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : saurus_cms
    • Published: Apr. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-30541

    Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1. ... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0893

    Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : maroyaka_relay_novel
    • Published: Mar. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-2066

    Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parame... Read more

    Affected Products : mkportal
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-5256

    Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is... Read more

    Affected Products : era_100_firmware era_100
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-6748

    The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to ex... Read more

    Affected Products : custom_field_template
    • Published: Jun. 11, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-32148

    Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0.... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-1636

    Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from t... Read more

    Affected Products : quick_gallery
    • Published: Apr. 02, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-4874

    The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated att... Read more

    Affected Products : bricks
    • Published: Jun. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-29155

    On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real o... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Aug. 29, 2025

  • 4.3

    MEDIUM
    CVE-2005-3730

    Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-4898

    Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action.... Read more

    Affected Products : rateme
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3500

    Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms.... Read more

    Affected Products : suggested_terms_module
    • Published: Aug. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-17404

    Nokia IMPACT < 18A: allows full path disclosure... Read more

    Affected Products : impact
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-4504

    Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php.... Read more

    Affected Products : esyndicat
    • Published: Dec. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-24570

    The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin ... Read more

    Affected Products : accept_donations_with_paypal
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-6945

    Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.... Read more

    Affected Products : jsp\/mysql_administrador_web
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-13718

    The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due to missing or incorrect nonce validation on several func... Read more

    Affected Products : flexible_wishlist_for_woocommerce
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2015-7290

    Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via... Read more

    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293360 Results