Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-28165

    Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2021-20633

    Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.... Read more

    Affected Products : office
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-6529

    Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.... Read more

    Affected Products : phpipam
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-15871

    The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.... Read more

    Affected Products : loginpress
    • Published: Sep. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3018

    Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refr... Read more

    Affected Products : maxthon_browser
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2274

    Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sr_feuser_register_extension
    • Published: May. 16, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2447

    Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter.... Read more

    Affected Products : online_guestbook_pro
    • Published: Jul. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-5459

    The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, ... Read more

    Affected Products : five_star_restaurant_menu
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3710

    SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product instal... Read more

    Affected Products : suse_lifecycle_management_server
    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-7777

    Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.... Read more

    Affected Products : void
    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-1042

    Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to conn... Read more

    Affected Products : chrome_os
    • Published: Feb. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-1846

    The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : tiny_contact_form
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-43472

    Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2008-1894

    Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.... Read more

    Affected Products : infoview
    • Published: Apr. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2717

    Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configurati... Read more

    Affected Products : drupal mobile_tools
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5756

    The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to ... Read more

    • Published: Nov. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-23686

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the ... Read more

    Affected Products : aos-cx cx_6200f cx_6300 cx_6400 cx_8320 cx_8325 cx_8400 cx_8360 cx_10000 cx_9300 +3 more products
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4964

    IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.... Read more

    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3759

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2064

    Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : drupal views_lang_switch
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293660 Results