Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-2909

    Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in ... Read more

    Affected Products : viscacha
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1653

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated atta... Read more

    Affected Products : categorify
    • Published: Feb. 27, 2024
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2014-5343

    Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.... Read more

    Affected Products : feng_office
    • Published: Aug. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-7386

    The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible... Read more

    • Published: Sep. 25, 2024
    • Modified: Jul. 10, 2025

  • 4.3

    MEDIUM
    CVE-2022-21683

    Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only... Read more

    Affected Products : wagtail wagtail
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-40443

    SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php... Read more

    • Published: Nov. 13, 2024
    • Modified: Apr. 16, 2025

  • 4.3

    MEDIUM
    CVE-2024-24708

    Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19. ... Read more

    Affected Products : w3speedster
    • Published: Feb. 29, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2006-2637

    Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG e... Read more

    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-36748

    The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated atta... Read more

    Affected Products : dokan
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-30526

    Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6. ... Read more

    Affected Products : easy_social_feed
    • Published: Mar. 31, 2024
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-35636

    Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11.... Read more

    Affected Products :
    • Published: Jun. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31381

    Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.This issue affects Spotlight Social Media Feeds: from n/a through 1.6.10. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2761

    Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : triton_ap_web triton
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-31422

    Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon.This issue affects Favicon: from n/a through 1.3.29. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-32075

    The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can... Read more

    Affected Products : customer_management_framework
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-0457

    Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : e107
    • Published: Mar. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-47763

    Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.31.... Read more

    Affected Products : wp_custom_admin_interface
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2012-4771

    Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group pa... Read more

    Affected Products : subrion_cms
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-31046

    TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authe... Read more

    Affected Products : typo3
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-7776

    Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.... Read more

    Affected Products : garoon
    • Published: Jun. 19, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293366 Results