Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2023-7240

    An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggerin...

    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-3354

    Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via u...

    Affected Products : wishlist
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2020-15198

    In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one....

    Affected Products : tensorflow
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2007-6527

    uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF...

    Affected Products : punbb
    • Published: Dec. 27, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2013-4723

    Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l paramete...

    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2007-6133

    PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter....

    Affected Products : devmass_cart
    • Published: Nov. 27, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2012-5769

    IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity d...

    Affected Products : spss_modeler
    • Published: Jan. 01, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-5789

    PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL s...

    Affected Products : payments_standard
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-5824

    Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certi...

    Affected Products : trillian
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2022-29431

    Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base....

    Affected Products : cpt_base
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-1324

    Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack...

    • Published: May. 09, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2014-0805

    Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecifi...

    Affected Products : neofiler
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-0982

    Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message....

    Affected Products : spyce
    • Published: Feb. 25, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2015-7794

    Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries....

    Affected Products : cg-wlncm4g_firmware
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2006-2028

    Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal...

    Affected Products : simplog
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2012-5352

    Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2014-1975

    Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename....

    Affected Products : unzipper
    • Published: Mar. 18, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2007-3145

    Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using...

    Affected Products : galeon_browser
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2014-0636

    EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain....

    Affected Products : bsafe_micro-edition-suite
    • Published: Apr. 11, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2019-12821

    A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacu...

    Affected Products : i3_firmware i3
    • Published: Jul. 19, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results