Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-52719

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.... Read more

    Affected Products : profilegrid
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2023-47828

    Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33.... Read more

    Affected Products : mandrill
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-9109

    The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This make... Read more

    Affected Products : woocommerce_ups_shipping
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 4.3

    MEDIUM
    CVE-2024-1319

    The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed po... Read more

    Affected Products : event_tickets
    • Published: Mar. 04, 2024
    • Modified: Apr. 24, 2025

  • 4.3

    MEDIUM
    CVE-2012-4283

    Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.... Read more

    Affected Products : wordpress login_with_ajax
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6692

    Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is n... Read more

    Affected Products : wordpress_seo yoast_seo
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-3541

    Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : shttpd
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2221

    Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : php-i-board
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-16969

    Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.... Read more

    Affected Products : sharefile_storagezones_controller
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-5103

    Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. ... Read more

    Affected Products : apu0200_firmware apu0200
    • Published: Oct. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0404

    Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_eroom
    • Published: Mar. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-31410

    Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-42015

    IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disc... Read more

    Affected Products : urbancode_deploy
    • Published: Dec. 19, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-10532

    The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers,... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-10316

    The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contribut... Read more

    Affected Products : stratum
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5391

    Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).... Read more

    Affected Products : jobscheduler
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.2

    MEDIUM
    CVE-2018-12038

    An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.... Read more

    Affected Products : 840_evo_firmware 840_evo
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-2260

    A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: Jun. 12, 2025

  • 4.2

    MEDIUM
    CVE-2017-0135

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2... Read more

    Affected Products : edge
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2022-41848

    drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_de... Read more

    Affected Products : linux_kernel
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
Showing 20 of 293633 Results