Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-3336

    The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack... Read more

    Affected Products : event_monster
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-53243

    In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see ale... Read more

    Affected Products : splunk splunk_secure_gateway
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2022-38380

    An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.... Read more

    Affected Products : fortios
    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-2663

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable ... Read more

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0648

    Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."... Read more

    Affected Products : safehtml
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-28869

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number.... Read more

    Affected Products : safe
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-33311

    Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.... Read more

    Affected Products : office
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-54016

    Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.... Read more

    Affected Products : seata
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025

  • 4.3

    MEDIUM
    CVE-2022-37981

    Windows Event Logging Service Denial of Service Vulnerability... Read more

    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2013-5314

    Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.... Read more

    Affected Products : serendipity
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1258

    Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag a... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-9518

    Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.... Read more

    Affected Products : dir-655_firmware dir-655
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-2107

    Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, rel... Read more

    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-9571

    Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.... Read more

    Affected Products : mantisbt
    • Published: Jan. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9526

    Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id... Read more

    Affected Products : concrete_cms concrete5
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-29215

    Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and runni... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Jul. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-31371

    Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31384

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31404

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.... Read more

    Affected Products : garoon
    • Published: Jun. 11, 2024
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2014-9479

    Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293542 Results