Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2021-34696

    A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of...

    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-2230

    Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest ...

    Affected Products : openx
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2022-3211

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6....

    Affected Products : pimcore
    • Published: Sep. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-40183

    An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code i...

    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-2595

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via mu...

    Affected Products : graalvm
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-26033

    An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check....

    Affected Products : zammad
    • Published: Dec. 28, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-2717

    Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated at...

    Affected Products : banking_corporate_lending
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-20293

    A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offere...

    • Published: May. 22, 2024
    • Modified: Jul. 30, 2025
  • 5.8

    MEDIUM
    CVE-2021-27908

    In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used ...

    Affected Products : mautic
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2012-5823

    Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...

    Affected Products : opensourceclassifieds
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2023-37532

    HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. ...

    Affected Products : commerce
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-29474

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path trave...

    Affected Products : hedgedoc
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-23078

    In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page....

    Affected Products : habitica
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2012-1545

    Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own ...

    Affected Products : internet_explorer ie
    • Published: Mar. 09, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-5236

    Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitr...

    Affected Products : eselect_plus
    • Published: Nov. 06, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2021-32070

    The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users....

    Affected Products : micollab
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-9343

    Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/...

    Affected Products : snowfox_content_management_system
    • Published: Dec. 08, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2020-3597

    A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of ...

    Affected Products : nexus_data_broker
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2012-4982

    Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter....

    Affected Products : counteract
    • Published: Dec. 05, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2017-5871

    Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote)....

    Affected Products : odoo
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results