Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2020-6282

    SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request fr...

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-12848

    In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associa...

    Affected Products : cells
    • Published: Jun. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-14722

    Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with n...

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2008-1729

    The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "a...

    Affected Products : drupal
    • Published: Apr. 11, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2021-23384

    The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index...

    Affected Products : koa-remove-trailing-slashes
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-15516

    The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

    Affected Products : central_wifimanager
    • Published: Jan. 31, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-3215

    Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated att...

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-20943

    Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) c...

    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-5477

    An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and ne...

    Affected Products : netcadops
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-4867

    The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application.

    Affected Products : qqpphoto android
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-11814

    A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.

    Affected Products : qdpm
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-0532

    A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to...

    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-0534

    A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection...

    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-3944

    The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

    Affected Products : typo3
    • Published: Jun. 03, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2023-5054

    The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This make...

    Affected Products : super_store_finder
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-7036

    A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is...

    Affected Products : automad
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2009-1002

    Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gold through MP1, 9.2 Gold through MP3, 9.1, 9.0, 8.1 Gold through SP6, and 7.0 Gold through SP7 allows remote attackers to gain privileges via unknown vectors.

    Affected Products : bea_product_suite
    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2024-7706

    A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launch...

    Affected Products : mwcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 22, 2024
  • 5.8

    MEDIUM
    CVE-2021-27416

    An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web brow...

    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-36472

    Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove pr...

    Affected Products : strapi
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294858 Results