Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2015-4297

    Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.

    Affected Products : webex_node_for_mcs
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2020-14810

    Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network...

    Affected Products : hospitality_suite8
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-2734

    The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing ...

    Affected Products : ruby
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-1124

    The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate...

    Affected Products : mac_os_x network_admission_control
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2017-12311

    A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is trigg...

    Affected Products : meeting_server
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2023-32173

    Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required ...

    Affected Products : uagateway
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 5.8

    MEDIUM
    CVE-2015-0543

    EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products : secure_remote_services
    • Published: Jul. 05, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2014-1970

    Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.

    Affected Products : android es_file_explorer
    • Published: Mar. 20, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2017-18485

    Cognitoys Dino devices allow profiles_add.html CSRF.

    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2013-7255

    Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

    Affected Products : opsview
    • Published: Jan. 03, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-30122

    HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

    Affected Products : sametime
    • Published: Oct. 23, 2024
    • Modified: Nov. 25, 2024
  • 5.8

    MEDIUM
    CVE-2006-7093

    Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : laithai
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-0590

    Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.

    Affected Products : forum_livre
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-4068

    Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action.

    Affected Products : webyapar
    • Published: Jul. 30, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2011-2941

    Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.

    • Published: Feb. 26, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2008-0501

    Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.

    Affected Products : phpmyclub
    • Published: Jan. 30, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2014-3750

    The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products : bilyoner
    • Published: May. 16, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2003-1401

    login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.

    Affected Products : php_board
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2014-9292

    Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter.

    Affected Products : jrss_widget
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2015-3922

    Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.

    Affected Products : coppermine_photo_gallery
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294863 Results