Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-4332

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\! joomla
    • Published: Nov. 23, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-0935

    The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, ... Read more

    Affected Products : media_library_folders
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-31381

    Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.This issue affects Spotlight Social Media Feeds: from n/a through 1.6.10. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31422

    Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon.This issue affects Favicon: from n/a through 1.3.29. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-7386

    The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible... Read more

    • Published: Sep. 25, 2024
    • Modified: Jul. 10, 2025

  • 4.3

    MEDIUM
    CVE-2008-4745

    Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ecart_professional
    • Published: Oct. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-28834

    Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosu... Read more

    Affected Products : nextcloud_server notes
    • Published: Apr. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-5303

    Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected o... Read more

    Affected Products : tendermint
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2644

    Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642.... Read more

    Affected Products : movable_type mt4i
    • Published: Jul. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2638

    Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : smallpict
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0313

    Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.... Read more

    Affected Products : glucose_2
    • Published: Jan. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-8996

    AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.... Read more

    Affected Products : anyshare_cloud
    • Published: Feb. 16, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16567

    A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : team_concert
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34453

    TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php).... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-42987

    SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compr... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-12723

    A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to a... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-3330

    Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and W... Read more

    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8538

    The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible ... Read more

    Affected Products : big_file_uploads
    • Published: Sep. 07, 2024
    • Modified: Sep. 26, 2024

  • 4.3

    MEDIUM
    CVE-2025-28909

    Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2012-6007

    Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka B... Read more

    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293615 Results