Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2024-37515

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS. This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.

    • Published: Jul. 21, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-10354

    A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to SQL injection. Th...

    Affected Products : petrol_pump_management
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024
  • 5.8

    MEDIUM
    CVE-2006-1574

    Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

    • Published: Apr. 01, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2022-21508

    Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Essbase executes to comp...

    Affected Products : essbase
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2025-1556

    A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may ...

    Affected Products : cicadascms
    • Published: Feb. 22, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Authentication
  • 5.8

    MEDIUM
    CVE-2011-4403

    Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a ...

    Affected Products : zen_cart
    • Published: Apr. 24, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2006-3526

    Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters.

    Affected Products : sport-slo_advanced_guestbook
    • Published: Jul. 12, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2020-12529

    An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an SSRF in the LDAP access check, allowing an attacker to scan for open ports.

    Affected Products : mbconnect24 mymbconnect24
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-7126

    A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

    Affected Products : airwave_glass
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2009-5020

    Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

    Affected Products : awstats awstats
    • Published: Dec. 02, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2014-4831

    IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2018-12270

    In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.

    Affected Products : steam_client steam
    • Published: May. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-40708

    The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.

    Affected Products : snap_pac_s1_firmware snap_pac_s1
    • Published: Aug. 24, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2012-4918

    Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack.

    Affected Products : call_of_duty_elite
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-0741

    IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary cert...

    • Published: Dec. 28, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-6814

    The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

    Affected Products : netweaver
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-5053

    The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently...

    Affected Products : wifi_protected_setup_protocol
    • Published: Jan. 06, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2017-7513

    It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafte...

    Affected Products : satellite
    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-3375

    Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching...

    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2010-1040

    The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors r...

    Affected Products : openpne
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294863 Results