Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-13337

    The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setu... Read more

    Affected Products : clearfy
    • Published: Apr. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-7025

    TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.... Read more

    Affected Products : zonealarm
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-47625

    PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A maliciou... Read more

    Affected Products : px4_drone_autopilot
    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-7268

    Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CV... Read more

    Affected Products : wbs_gantt-chart
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4127

    Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-regi... Read more

    Affected Products : church_admin
    • Published: May. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4266

    The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks ... Read more

    Affected Products : identity_services_engine_software
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-1367

    Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.... Read more

    Affected Products : mozilocms
    • Published: Apr. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4281

    Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.... Read more

    Affected Products : open_source
    • Published: Aug. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-4580

    Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter.... Read more

    Affected Products : wp_blipbot
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2004-0534

    Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.... Read more

    Affected Products : webintelligence infoview
    • Published: Sep. 17, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4531

    Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter.... Read more

    Affected Products : game_tabs
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4557

    Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter... Read more

    Affected Products : swipe_hq_checkout_for_jigoshop
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4520

    Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.... Read more

    Affected Products : dmca_watermarker
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-1637

    Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav par... Read more

    Affected Products : awebbb
    • Published: Apr. 06, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2016-4048

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may g... Read more

    Affected Products : open-xchange_appsuite
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0937

    Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : malware_analysis_appliance
    • Published: Apr. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-2026

    IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.... Read more

    Affected Products : financial_transaction_manager
    • Published: Jan. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-29705

    code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects.... Read more

    Affected Products : code-gen
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2007-4333

    Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. NOTE: the provenance ... Read more

    Affected Products : article_dashboard
    • Published: Aug. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0873

    Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : perltreebbs
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294335 Results