Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2018-0333

    A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to b...

    • Published: Jun. 07, 2018
    • Modified: Nov. 26, 2024
  • 5.8

    MEDIUM
    CVE-2024-43274

    Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6....

    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024
  • 5.8

    MEDIUM
    CVE-2006-2146

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter....

    Affected Products : hb-ns
    • Published: May. 02, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2024-4105

    A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadeq...

    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2007-3326

    Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URL field for post Topi...

    Affected Products : vbulletin vbulletin
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2024-5241

    A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. It has been classified as critical. Affected is an unknown function of the file /manager/ipconfig_new.php. The manipulation of the argument dev leads ...

    • Published: May. 23, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-22469

    Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, an unauthorized user could eventually get the cache...

    Affected Products : deck nextcloud_server notes
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-53866

    The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don...

    Affected Products : pnpm
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
  • 5.8

    MEDIUM
    CVE-2021-32643

    Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F...

    Affected Products : http4s
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-0697

    Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing...

    Affected Products : telepresence_tc_software
    • Published: Apr. 15, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2007-6129

    Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for r...

    Affected Products : amber_script
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-3164

    Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote ...

    Affected Products : internet_explorer
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2015-0878

    Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment....

    Affected Products : al-mail32
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2021-34808

    Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors....

    Affected Products : media_server
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-43509

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or ...

    Affected Products : clearpass_policy_manager
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-32550

    An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app ...

    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-13337

    Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript....

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-15686

    Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable various anti-vi...

    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-4037

    In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to...

    Affected Products : oauth2_proxy
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-16511

    An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archiv...

    Affected Products : wix_toolset
    • Published: Sep. 19, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results