Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2008-6984

    Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a ...

    Affected Products : plesk
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2018-0256

    A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denia...

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-17522

    When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache serve...

    Affected Products : traffic_control
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-7285

    CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.

    Affected Products : gprs_cs2300-r_firmware gprs
    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2020-2281

    A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.

    Affected Products : lockable_resources
    • Published: Sep. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-7793

    Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.

    Affected Products : cg-wlbaragm_firmware
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2016-4788

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

    Affected Products : pulse_connect_secure connect_secure
    • Published: May. 26, 2016
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2015-9418

    The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.

    Affected Products : watupro
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-31747

    Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

    Affected Products : pluck
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-5239

    CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...

    Affected Products : civicrm
    • Published: Nov. 06, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2022-34160

    IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 2...

    Affected Products : linux_kernel cics_tx
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-39436

    SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could...

    Affected Products : supplier_relationship_management
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-3781

    The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

    Affected Products : dotclear
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2014-0803

    Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer fre...

    Affected Products : android tetra_filer tetra_filer_free
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2014-6535

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vectors related to SECURITY.

    Affected Products : peoplesoft_products
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2024-5195

    A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be lau...

    Affected Products :
    • Published: May. 22, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-31122

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS. This issue affects User Rights Access Manager: from n/a through 1.1.2.

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-5969

    The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_e...

    Affected Products : aiomatic
    • Published: Jul. 27, 2024
    • Modified: Aug. 08, 2025
  • 5.8

    MEDIUM
    CVE-2024-6095

    A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to L...

    Affected Products : localai
    • Published: Jul. 06, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-8166

    A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack...

    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024
Showing 20 of 294863 Results