Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-9042

    Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a lin... Read more

    Affected Products : owncloud owncloud_server
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2018-16968

    Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.... Read more

    Affected Products : sharefile_storagezones_controller
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-10560

    The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-48219

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Iden... Read more

    Affected Products :
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-51385

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-0627

    The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ... Read more

    Affected Products : taxopress
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2008-0971

    Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remo... Read more

    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-13122

    The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : advanced_form_integration
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-3635

    A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2024-13123

    The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : advanced_form_integration
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-12683

    The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : smart_maintenance_mode
    • Published: Mar. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-9771

    The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : wp-recall
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1452

    The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : favorites
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-50458

    In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.... Read more

    Affected Products : dradis
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2006-6512

    Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter.... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-2909

    Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.... Read more

    Affected Products : vbulletin vbulletin
    • Published: May. 30, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-3511

    An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge req... Read more

    Affected Products : gitlab
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-1732

    Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknow... Read more

    Affected Products : wordpress
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-49098

    Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.... Read more

    Affected Products : discourse_reactions
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-49578

    SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integr... Read more

    Affected Products : cloud_connector
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results