Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2018-3759

    private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a publ... Read more

    Affected Products : private_address_check
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3751

    Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.... Read more

    Affected Products : opial
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-8030

    Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-2377

    The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog... Read more

    Affected Products : directorist
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-38482

    A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.... Read more

    Affected Products : hopex
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-3301

    Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8.... Read more

    Affected Products : rdiffweb
    • Published: Sep. 26, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-45304

    Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.... Read more

    Affected Products : chocolatey_cmder
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2023-1340

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible ... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-7622

    The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. This makes it possible for ... Read more

    Affected Products : revision_manager_tmc
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024

  • 4.3

    MEDIUM
    CVE-2015-2976

    Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis.... Read more

    Affected Products : research_artisan_lite
    • Published: Jul. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-32632

    Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.... Read more

    Affected Products : pajbot
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3309

    Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traf... Read more

    • Published: May. 02, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-27525

    An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1 ... Read more

    Affected Products : superset
    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-4856

    Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the ... Read more

    Affected Products : roller_weblogger
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-4267

    Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.... Read more

    Affected Products : sockso
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-8308

    Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : businessobjects
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-12110

    The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for au... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 4.3

    MEDIUM
    CVE-2024-9705

    The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it po... Read more

    • Published: Dec. 06, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-10689

    The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be inc... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 4.3

    MEDIUM
    CVE-2023-30486

    Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024
Showing 20 of 293360 Results