Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-31456

    Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery. This issue affects Ultimate Security Checker: from n/a through 4.2.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1273

    Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the p... Read more

    Affected Products : imagevue
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-26849

    There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.... Read more

    Affected Products : docusnap
    • Published: Mar. 04, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2008-1485

    Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.... Read more

    Affected Products : punbb
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1202

    Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : livecycle_workflow
    • Published: Mar. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-5417

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, ... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-1283

    Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.... Read more

    Affected Products : neptune_web_server
    • Published: Mar. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0861

    Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action.... Read more

    Affected Products : lotus_quickplace
    • Published: Feb. 21, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-49967

    Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39385

    Missing Authorization vulnerability in VW Themes Sirat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sirat: from n/a through 1.5.1.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-27926

    In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-5713

    The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for au... Read more

    Affected Products : system_dashboard
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-49971

    Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eDS Responsive Menu: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-7841

    The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifier_settings'... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1229

    Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.... Read more

    Affected Products : jspwiki
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-7839

    The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() funct... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1175

    Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this in... Read more

    Affected Products : authentix
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1477

    Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.... Read more

    Affected Products : eforum
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1114

    Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks... Read more

    Affected Products : wireless_handset
    • Published: Mar. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-5711

    The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authen... Read more

    Affected Products : system_dashboard
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293565 Results